On Mon, Dec 06, 2004, Suso Banderas wrote:

> So, after checking the subject in the CSR cert, I sent them the same
> CSR that I sent them through the web form. Within an hour I got a new
> certificate with the same problem as before, it had the subject that was
> not from the CSR, but from their own database.
>
> So now I'm wanting to double check myself. Are CAs supposed to be
> using the CSRs for the subject in the cert that you get back? What do
> you all think about this situation?

Some CAs completely ignore the information in the CSR and just use it for
proof of possession of the private key. Others include additional DN
components, reorder or reencode the existing ones or delete them: openssl
itself can do this.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
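
Given the behaviour described in the reply above, the check that matters on the requester's side is that the returned certificate carries the public key from the CSR, with any subject change reported separately. The script below is an added example, not part of the original thread; the file names, subjects and throwaway CA are constructed for illustration.

```shell
#!/bin/sh
# Compare a CSR with the certificate a CA issued for it.

# SHA-256 over the DER public key of a CSR ($1=req) or certificate ($1=x509).
pubkey_hash() {
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Subject DN in RFC 2253 form, so both sides print the same way.
subject_of() {
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Prints one verdict line for CSR $1 and certificate $2.
compare_csr_cert() {
    a=$(pubkey_hash req "$1") && b=$(pubkey_hash x509 "$2") ||
        { echo "UNREADABLE"; return 0; }
    if [ "$a" != "$b" ]; then
        echo "KEY-MISMATCH"      # certificate is not for this key: reject it
    elif [ "$(subject_of req "$1")" = "$(subject_of x509 "$2")" ]; then
        echo "KEY-OK SUBJECT-SAME"
    else
        echo "KEY-OK SUBJECT-CHANGED"   # CA used its own DN; review, not an error
    fi
}

# Constructed sample data in directory $1: a requester CSR, a throwaway CA,
# and a certificate for the same key whose subject comes from the "CA records".
make_samples() {
    d=$1
    openssl req -newkey rsa:2048 -nodes -keyout "$d/my.key" -out "$d/my.csr" \
        -subj "/C=US/O=Example Requester/CN=www.example.test" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.pem" -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
    openssl req -new -key "$d/my.key" -out "$d/ca-view.csr" \
        -subj "/C=US/O=Name In CA Database Inc/CN=www.example.test" 2>/dev/null
    openssl x509 -req -in "$d/ca-view.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/issued.pem" 2>/dev/null
}

# Usage: sh check.sh request.csr issued.pem
if [ "$#" -eq 2 ]; then compare_csr_cert "$1" "$2"; fi
```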