Dr. Stephen Henson wrote:
On Wed, Jan 18, 2006, Duncan Brannen wrote:
Hi,
I've got a certificate request with the the subjectname
cn=database,cn=OracleContext,dc=st-andrews,dc=ac,dc=uk
I've signed one of these previously with openssl after adding
domainComponent = optional
to the openssl.cnf file under policy_anything.
However, since installing a new version of openssl, the .cnf file now
contains
two additional lines
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
If I uncomment either of these, my signed certificate's subject becomes
dc=st-andrews,dc=ac,dc=uk,cn=dunktest,cn=OracleContext
which is unusable in this case.
Are you sure it actually alters the subject and not just the way it is
displayed?
I'd suggest comparing the two using the 'x509' utility to see if they are
actually any different.
Steve.
Thanks Steve,
It shows as mis ordered using the below commands
# openssl x509 -subject -in newcert.pem -noout
subject= /DC=uk/DC=ac/DC=st-andrews/CN=OracleContext/CN=dunktest
# openssl x509 -subject -in newCA/newcert.pem -noout
subject= /CN=OracleContext/CN=dunktest/DC=uk/DC=ac/DC=st-andrews
I'm assuming here that order is important. It's an oracle wallet I'm
importing into
and the SSL handshake breaks down when I import the new certificate.
Cheers,
Duncan
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
