Hi All, I've generated a cakey.pem and cacert.pem on my PC. Uploaded the cacert.pem to my router and used its gui to generate a CSR.
When I try to sign this CSR file back on my PC I'm getting this error:
=====================================
$ openssl ca -config ./openssl_VPN.cnf -days 1095 -cert cacert_VPN.pem -keyfile
VPN_CA/private/cakey_VPN.pem -infiles certificate-router-request
Using configuration from ./openssl_VPN.cnf
Enter pass phrase for VPN_CA/private/cakey_VPN.pem:
Check that the request matches the signature
Signature ok
The stateOrProvinceName field needed to be the same in the
CA certificate (Buckinghamshire) and the request (Buckinghamshire)
=====================================
I don't understand why I get this error. Both cacert and certificate-router-
request files contain exactly the same ST= field. The cacert_VPN.pem shows:
Issuer: C=GB, ST=Buckinghamshire, L= [snip ...]
Subject: C=GB, ST=Buckinghamshire, L= [snip ...]
and the CSR shows:
Subject: C=GB, ST=Buckinghamshire, L= [snip ...]
Under the CA policy options in the configuration file I have:
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
but given that the entries are the same, I am not sure why I get this error.
Any suggestions?
--
Regards,
Mick
signature.asc
Description: This is a digitally signed message part.
