Hi all! Some code was working on OpenSSL < 1.0.0 and now have troubles working on 1.0.0 (which comes with RHEL6).
Here are test case: #!/bin/sh mkdir private echo 10 > serial touch index.txt mkdir newcerts openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf -subj '/O=NOVA ROOT/L=Mountain View/ST=California/C=US/' -batch -nodes openssl genrsa -out private/1.key 1024 openssl req -new -key private/1.key -out 1.csr -batch -subj '/CN=cloud-2010-12-03T20:26:28Z/OU=NovaDev/O=AnsoLabs/L=Mountain View/ST=California/C=US' openssl ca -batch -out 1.crt -config ./openssl.cnf -infiles 1.csr # Debug openssl x509 -in cacert.pem -noout -subject -nameopt multiline,show_type openssl req -in 1.csr -noout -subject -nameopt multiline,show_type Running above code on RHEL6 will give you an error: The stateOrProvinceName field needed to be the same in the CA certificate (California) and the request (California) subject= organizationName = PRINTABLESTRING:NOVA ROOT localityName = PRINTABLESTRING:Mountain View stateOrProvinceName = PRINTABLESTRING:California countryName = PRINTABLESTRING:US subject= commonName = UTF8STRING:cloud-2010-12-03T20:26:28Z organizationalUnitName = UTF8STRING:NovaDev organizationName = UTF8STRING:AnsoLabs localityName = UTF8STRING:Mountain View stateOrProvinceName = UTF8STRING:California countryName = PRINTABLESTRING:US However, I had no problems running that code on Mac OS X (and hopefully all other OpenSSL versions < 1.0.0): Certificate is to be certified until Dec 6 21:32:09 2011 GMT (365 days) Write out database with 1 new entries Data Base Updated subject= organizationName = PRINTABLESTRING:NOVA ROOT localityName = PRINTABLESTRING:Mountain View stateOrProvinceName = PRINTABLESTRING:California countryName = PRINTABLESTRING:US subject= commonName = PRINTABLESTRING:cloud-2010-12-03T20:26:28Z organizationalUnitName = PRINTABLESTRING:NovaDev organizationName = PRINTABLESTRING:AnsoLabs localityName = PRINTABLESTRING:Mountain View stateOrProvinceName = PRINTABLESTRING:California countryName = PRINTABLESTRING:US The question is: what should I change in my code to get it working on newest OpenSSL release? Andrey.