[EMAIL PROTECTED]([EMAIL PROTECTED])@2003.03.06 22:11:28 +0800: > > > The openca user-guide file said that the user must modify the file in > OPENCA/etc/openssl.cnf and OPENCA/etc/openssl/*.cnf if you want to use dc-style > DN. I modified the file but still have problem in issue a new certificate. > Could someone give me a sample file of openssl.cnf using dc-style DN? > > Some error log: > > Using configuration > from /usr/local/openca.0.9.1/openca/etc/openssl/openssl/CA_Operator.conf > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > domainComponent :PRINTABLE:'CN' > domainComponent :PRINTABLE:'EDU' > domainComponent :PRINTABLE:'DLUT' > organizationalUnitName:PRINTABLE:'student' > commonName :PRINTABLE:'op1' > serialNumber :PRINTABLE:'2' > ERROR: adding extensions in section default > 15313:error:2206D06C:X509 V3 routines:X509V3_parse_list:invalid null > name:v3_utl.c:319: > 15313:error:2206B069:X509 V3 routines:X509V3_EXT_conf:invalid extension > string:v3_conf.c:138:name=subjectAltName,section= > 15313:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in > extension:v3_conf.c:92:name=subjectAltName, value= > unable to write 'random state'
I think the error log says that you are missing the email address in subjectAltName, se "The OpenCA Guide". To use dc-style DN I would try something like this in the config files: ... # For the CA policy [ policy_match ] domainComponent = supplied domainComponent = supplied commonName = optional emailAddress = optional ... [ req_distinguished_name ] emailAddress = Email Address emailAddress_max = 60 commonName = Common Name (eg, YOUR name) commonName_max = 64 0.domainComponent = Subdomain (umu) 1.domainComponent = Topdomain (se) SET-ex3 = SET extension number 3 Eventually you also have to supply the OID: [ new_oids ] domainComponent=0.9.2342.19200300.100.1.25 Regards /Einar Hillbom -- Einar Hillbom [EMAIL PROTECTED] UMDACs Incident Response Team [EMAIL PROTECTED] NorrNod/UMDAC Umea University Phone: +46(0)90-7867420 S-901 87 Umea Sweden Fax : +46(0)90-7866762 Public PGP Key (0x6C1A428A) at http://horowitz.surfnet.nl:11371 ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
