On 12/15/2011 11:01 PM, Mick wrote:
Hi All,
I've generated a cakey.pem and cacert.pem on my PC. Uploaded the cacert.pem
to my router and used its gui to generate a CSR.
When I try to sign this CSR file back on my PC I'm getting this error:
=====================================
$ openssl ca -config ./openssl_VPN.cnf -days 1095 -cert cacert_VPN.pem -keyfile
VPN_CA/private/cakey_VPN.pem -infiles certificate-router-request
Using configuration from ./openssl_VPN.cnf
Enter pass phrase for VPN_CA/private/cakey_VPN.pem:
Check that the request matches the signature
Signature ok
The stateOrProvinceName field needed to be the same in the
CA certificate (Buckinghamshire) and the request (Buckinghamshire)
=====================================
I don't understand why I get this error. Both cacert and certificate-router-
request files contain exactly the same ST= field. The cacert_VPN.pem shows:
Issuer: C=GB, ST=Buckinghamshire, L= [snip ...]
Subject: C=GB, ST=Buckinghamshire, L= [snip ...]
and the CSR shows:
Subject: C=GB, ST=Buckinghamshire, L= [snip ...]
Try repeating those output commands with the option
-nameopt multiline,show_type
to determine if the two disagree on the character encoding,
spacing or other subtle aspect of the ST= part of the name.
If it turns out to be such a subtle difference, please report
it back to the list as a bug in the
Under the CA policy options in the configuration file I have:
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
but given that the entries are the same, I am not sure why I get this error.
Any suggestions?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org