Here is where I found the UID was ignored and the error that I got when I use UID.
OpenCA setup
1. General -> Initialization -> Initialize the Certification Authority -> Generate new CA Certificate Request -> (fill in the information and click OK)
Change the DN from "[EMAIL PROTECTED],CN=My CA,DC=domain,DC=com" to "[EMAIL PROTECTED],CN=My CA,uid=ca,DC=domain,DC=com" and click "OK"
on the last screen, the Subject is "[EMAIL PROTECTED],CN=My CA,DC=domain,DC=com",
uid is missing from the Subject. I checked the database as well and can't see uid either.
If OpenSSL doesn't know "uid" then it will be silently deleted if -subj is used (and OpenCA uses -subj).
2. General -> Initialization -> Create the initial administrator -> Edit the Request
The uid field didn't show up in the Subject section, but it is OK, I can add it. Fill in the information and click "OK".
Now I am on the "Waiting for Approval" screen, I can see "uid" under "Distinguished Name"..., then click "Issue Certificate".
Then I got the following error:
OpenCA::OpenSSL returns errocode 7731075 (OpenCA::OpenSSL->issueCert: OpenSSL fails (7777067). Using configuration from /usr/local/openca/etc/openssl/openssl/CA_Operator.conf
Check that the request matches the signature
Signature ok
Subject Attribute uid has no known NID, skipped
The Subject's Distinguished Name is as follows
domainComponent :PRINTABLE:'COM'
domainComponent :PRINTABLE:'ThoughtWorks'
domainComponent :PRINTABLE:'Corporate-Dev'
organizationalUnitName:PRINTABLE:'People'
commonName :PRINTABLE:'ThoughtWorks Certification Authority'
serialNumber :PRINTABLE:'1'
uid:unknown object type in 'policy' configuration
error in ca
If you need the uid then you must add it to the openca configuration files in etc/openssl and etc/openssl/openssl. uid itself is actually unknown for OpenSSL because they commented it in objects.txt. This is an old bug from OpenSSL 0.9.6 which still exists in 0.9.7. The bug is not fixable in 0.9.6 but can be fixed in 0.9.7.
I sent a bug report with a description for a fix to OpenSSL. You can use the description to fix the bug in OpenSSL 0.9.7e by hand. Please see here:
http://www.aet.tu-cottbus.de/rt2/
The bug (ticket) id is 937.
Michael -- _______________________________________________________________
Michael Bell Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
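A check for the silent attribute loss discussed in this thread, as an added example that is not part of the original messages or of OpenCA: it compares a requested DN with the issued subject and scans openssl output for the two diagnostics quoted above. The function names and the sample DN (the thread's DN without its redacted e-mail component) are assumptions made for illustration.

```python
import re
from collections import Counter

# Diagnostic formats copied from the openssl output quoted in this thread.
SKIPPED = re.compile(r"^Subject Attribute (\S+) has no known NID, skipped$")
POLICY = re.compile(r"^(\S+):unknown object type in 'policy' configuration$")

def split_dn(dn):
    """Split a comma-separated DN into (type, value) pairs; a backslash escapes a comma."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            esc = True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    pairs = [p.split("=", 1) for p in parts if "=" in p]
    return [(k.strip().lower(), v.strip()) for k, v in pairs]

def dropped_attributes(requested_dn, issued_dn):
    """Attribute types present in the requested DN but absent from the issued subject."""
    missing = Counter(split_dn(requested_dn)) - Counter(split_dn(issued_dn))
    return sorted(k for k, _ in missing.elements())

def scan_openssl_output(text):
    """Collect attribute names openssl reported as skipped or unknown to the policy."""
    found = {"skipped": [], "policy_unknown": []}
    for line in (l.strip() for l in text.splitlines()):
        if m := SKIPPED.match(line):
            found["skipped"].append(m.group(1))
        elif m := POLICY.match(line):
            found["policy_unknown"].append(m.group(1))
    return found

# Constructed sample: the thread's DN without its redacted e-mail component.
REQUESTED = "CN=My CA,uid=ca,DC=domain,DC=com"
ISSUED = "CN=My CA,DC=domain,DC=com"
# Lines taken from the error output quoted in the thread.
SAMPLE_OUTPUT = """Signature ok
Subject Attribute uid has no known NID, skipped
serialNumber :PRINTABLE:'1'
uid:unknown object type in 'policy' configuration
error in ca"""

if __name__ == "__main__":
    print(dropped_attributes(REQUESTED, ISSUED))
    print(scan_openssl_output(SAMPLE_OUTPUT))
```

Running such a comparison before a certificate is released catches the case where the issued subject no longer carries every attribute the request asked for.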
