I just wondering whether multiple CNs in a DN is permissible or not under IETF PKIX spec?
-------------------------------------------------- From: "dblaine" <blain...@gdls.com> Sent: Sunday, December 11, 2011 8:52 AM To: <openca-users@lists.sourceforge.net> Subject: Re: [Openca-Users] How to generate a certificate with lots of CN's > > This is an issue with the openssl command line that is called but I > haven't > found a good workaround yet. Any help appreciated. > > Dave > > > dblaine wrote: >> >> I now get past the request phase. I am now in the CA interface when I try >> to generate the certificate. I get the following: >> >> >> Error Code: 6761 >> >> >> >> Error while issuing Certificate(ilt) to xfstest.gdls.com (filename: >> /appl/openca-1.0.2/openca/var/openca/tmp/22AE.req). >> >> >> OpenCA::OpenSSL returns errocode 7731075 (OpenCA::OpenSSL->issueCert: >> OpenSSL fails (7777067). unknown option openssl >> usage: ca args >> >> -verbose - Talk alot while doing things >> -config file - A config file >> -name arg - The particular CA definition to use >> -gencrl - Generate a new CRL >> -crldays days - Days is when the next CRL is due >> -crlhours hours - Hours is when the next CRL is due >> -startdate YYMMDDHHMMSSZ - certificate validity notBefore >> -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days) >> -days arg - number of days to certify the certificate for >> -md arg - md to use, one of md2, md5, sha or sha1 >> -policy arg - The CA 'policy' to support >> -keyfile arg - private key file >> -keyform arg - private key file format (PEM or ENGINE) >> -key arg - key to decode the private key if it is encrypted >> -cert file - The CA certificate >> -selfsign - sign a certificate with the key associated with it >> -in file - The input PEM encoded certificate request(s) >> -out file - Where to put the output file(s) >> -outdir dir - Where to put output certificates >> -infiles .... - The last argument, requests to process >> -spkac file - File contains DN and signed public key and challenge >> -ss_cert file - File contains a self signed cert to sign >> -preserveDN - Don't re-order the DN >> -noemailDN - Don't add the EMAIL field into certificate' subject >> -batch - Don't ask questions >> -msie_hack - msie modifications to handle all those universal strings >> -revoke file - Revoke a certificate (given in file) >> -subj arg - Use arg instead of request's subject >> -utf8 - input characters are UTF8 (default ASCII) >> -multivalue-rdn - enable support for multivalued RDNs >> -extensions .. - Extension section (override value in config file) >> -extfile file - Configuration file with X509v3 extentions to add >> -crlexts .. - CRL extension section (override value in config file) >> -engine e - use engine e, possibly a hardware device. >> -status serial - Shows certificate status given the serial number >> -updatedb - Updates db for expired certificates >> error in ca >> openssl:Error: >> >> >> 't/CN=one/CN=two/CN=three/CN=four..../CN=thir' is an invalid command. >> >> As you can see the command is cut off due to the command line length >> exceeded. >> >> >> Help! >> >> Dave >> >> >> This is an e-mail from General Dynamics Land Systems. It is for the >> intended recipient only and may contain confidential and privileged >> information. No one else may read, print, store, copy, forward or act in >> reliance on it or its attachments. If you are not the intended >> recipient, >> please return this message to the sender and delete the message and any >> attachments from your computer. Your cooperation is appreciated. >> >> >> >> ------------------------------------------------------------------------------ >> EMC VNX: the world's simplest storage, starting under $10K >> The only unified storage solution that offers unified management >> Up to 160% more powerful than alternatives and 25% more efficient. >> Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev >> _______________________________________________ >> Openca-Users mailing list >> Openca-Users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openca-users >> >> > > -- > View this message in context: > http://old.nabble.com/Re%3A-How-to-generate-a-certificate-with-lots-of-CN%27s-tp32344471p32955453.html > Sent from the openca-users mailing list archive at Nabble.com. > > > ------------------------------------------------------------------------------ > Learn Windows Azure Live! Tuesday, Dec 13, 2011 > Microsoft is holding a special Learn Windows Azure training event for > developers. It will provide a great way to learn Windows Azure and what it > provides. You can attend the event by watching it streamed LIVE online. > Learn more at http://p.sf.net/sfu/ms-windowsazure > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------------------------------ Learn Windows Azure Live! Tuesday, Dec 13, 2011 Microsoft is holding a special Learn Windows Azure training event for developers. It will provide a great way to learn Windows Azure and what it provides. You can attend the event by watching it streamed LIVE online. Learn more at http://p.sf.net/sfu/ms-windowsazure _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
