Is there a doc somewhere that explains the differences between ca and x509 ?
I was signing client side certificates with:
openssl ca -passin pass:$ROOTCAPASS -batch -config openssl.cnf
-days 365 -keyfile private/root-ca-key.pem -cert root-ca-crt.pem -in
person/$1/$1-req.pem -out person/$1/$1-crt.pem
Only to find out that email address was getting stripped out and
prevented the use of 'SSLUserName SSL_CLIENT_S_DN_Email' inside
apache.
Now I am using x509 which make apache happy:
openssl x509 -req -passin pass:$ROOTCAPASS -days 365 -CAkey
private/root-ca-key.pem -CA root-ca-crt.pem -CAcreateserial -in
person/$1/$1-req.pem -out person/$1/$1-crt.pem
( Perhaps it is really a problem with my openssl.cnf but not sure
which option to configure )
-Thanks
Stephen More
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
