Aaron Smith wrote:
> We have been using OpenSSL to generate certificates for various
> applications here with a home grown CA (created using openssl ca). We
> recently started upgrading our servers from Redhat 7.3 to RHEL 3.0. The
> machine that used to house the CA directories used openssl version
> 0.9.6b (RedHat RPM) and the new machine uses openssl version 0.9.7b
> (again, RedHat RPM). I tar'ed up the CA directories from the old
> machine and plopped them onto the new machine. When I attempted to
> revoke a certificate (by "openssl ca -revoke certfile.pem"), I received
> the following error:
>
> ERROR:name does not match <certificate DN here>
Maybe it's something to do with Email-Addresses in
the DN? From 0.9.6 to 0.9.7 the entry output of
openssl changed from "Email" to "emailAddress"
so it could be that you have to change this in
the "index.txt" file of OpenSSL.
Just a guess...
Cheers, Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Consultant, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]
A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
