Nicolas Aragon wrote:
>
> Hello,
>
> On 29 Jan 00, at 19:48, Merton Campbell Crockett wrote:
>
> > To date, I have not been able to generate a CSR that is acceptable to the
> > Netscape Certificate Server. All requests are rejected with a "bad DER
> > encoding" error.
>
> I had the same error message from Navigator with a certificate that
> included an underscore in the CN.
>
Yes thats another potential problem. You should keep to the
PrintableString character set[1] (except in emailAddress) if at all
possible. Netscape has problems with some characters but this is hard to
track down: I've known '&' give trouble.
Anything before the latest snapshot of OpenSSL also got the type of
string wrong in anything other then commonName if characters other than
the PrintableString set got used.
[1] PrintableString character set:
A, B, ..., Z
a, b, ..., z
0, 1, ..., 9
(space) ' ( ) + , - . / : = ?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]