Harald Koch wrote:

> There's a configuration option in the openssl.conf file that lets you
> either copy or move the email address from the X509 subject to the
> subjectAltName extension.

The problem was that if you did not want the EMAIL field in the subject
while having the extensions correctly set you should use the $ENV support
for it to be set (I know of any other methods useful when issuing certs
as the email is one field that changes for every certificate and it is
not recommended to edit the config file for each new certificate :-D ).

I think this patch is useful at least when dealing with SPKAC and PKCS#10
(not IE, I suppose it has some problem importing certificates with DN
different from the one submitted in the req) requests -- it gives you the
chance not to change the code you already have for certificate requesting,
and could also help enforce a correct policy within your CA.

At least to me...

-- 

C'you,

        Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                  [EMAIL PROTECTED]
                                                          [EMAIL PROTECTED]
                                                     [EMAIL PROTECTED]
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
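
The two configuration approaches mentioned in this thread, side by side, as an added openssl.conf sketch (not part of the original message or of the patch it discusses). The section names and the environment variable name CERT_EMAIL are assumptions chosen for illustration.

```ini
# Extension sections for `openssl ca`; select one with `x509_extensions = <name>`
# in the CA section or with `-extensions <name>` on the command line.
# Section names and CERT_EMAIL are hypothetical.

[ usr_cert_copy ]
# Copy any email address found in the subject DN into subjectAltName.
# The emailAddress attribute stays in the subject as well.
subjectAltName = email:copy

[ usr_cert_move ]
# As above, but the email address is also deleted from the subject DN,
# so it appears only in subjectAltName.
subjectAltName = email:move

[ usr_cert_env ]
# The $ENV approach: the request DN carries no email at all, and the
# issuing script exports CERT_EMAIL before each `openssl ca` run.
# If the variable is not set, the config file fails to load, so the
# wrapper must always set it.
subjectAltName = email:${ENV::CERT_EMAIL}
```

With the `$ENV` form the address comes from the issuing script rather than from the request, so the CA wrapper has to validate that value itself before signing.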