Rodney Thayer wrote:
>
> I want to create a root certificate and a server certificate
> with openssl. These will be used with iPlanet Web Server 4.1
>
> I created the root, using CA.pl. I then created a certificate
> request with the web server, signed and installed the root
> and the server certificate.
>
> This doesn't work. The web server refuses to start. I see these
> problems:
>
> in the log it claims there is a missing attribute field in the server
> cert (errors.log for the web server)
>
> in the certificate management area of the web server the root shows up as a
> 'client root', whatever that means.
>
> So what fields must be set in a root? I might be missing some.
> What fields must be set in a server certificate?
>
> I tried looking in the email archives but none of the searchable
> archives helped much looking for this. Pardon me if this has been
> answered before. Note: there's no "download the archive as one
> big slab of text" archive, so I couldn't do extreme search techniques...
>
This sounds like a Netscape error and it doesn't like something about
the server cert. Perhaps a field is present in the request and not in
the server cert and it checks for that?
The 'ca' program which is what does the signing with CA.pl silently
deletes any fields not present in the relevant policy section of the
configuration file. You can try messing around with that or using the
preserve option to keep all the fields (see ca manual page).
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
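
The behaviour described in the reply above, as an added example that is not part of the original message and is not OpenSSL's own code: a simplified Python model of how `ca` builds the issued subject from a policy section, and what the preserve option changes. The policy text, both DNs and all function names are constructed for illustration.

```python
# Simplified model of the `openssl ca` policy step (illustration, not OpenSSL code).
# Constructed policy in openssl.cnf syntax; all DN values below are sample data.
POLICY_TEXT = """
countryName            = match
stateOrProvinceName    = match
organizationName       = match
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
"""
CA_DN = [("countryName", "US"), ("stateOrProvinceName", "California"),
         ("organizationName", "Example Org"), ("commonName", "Example Root CA")]
REQ_DN = [("countryName", "US"), ("stateOrProvinceName", "California"),
          ("localityName", "Example City"), ("organizationName", "Example Org"),
          ("commonName", "www.example.test")]

def parse_policy(text):
    """Return [(field, rule)] in file order; rule is match, supplied or optional."""
    policy = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        field, rule = (part.strip() for part in line.split("=", 1))
        if rule not in ("match", "supplied", "optional"):
            raise ValueError(f"unknown policy rule {rule!r} for {field}")
        policy.append((field, rule))
    return policy

def apply_policy(policy, ca_dn, req_dn, preserve=False):
    """Return (issued_dn, dropped); DNs are lists of (field, value) pairs."""
    issued = []
    for field, rule in policy:
        values = [v for f, v in req_dn if f == field]
        if rule in ("match", "supplied") and not values:
            raise ValueError(f"{field} is required by the policy but missing")
        ca_values = [v for f, v in ca_dn if f == field]
        if rule == "match" and any(v not in ca_values for v in values):
            raise ValueError(f"{field} does not match the CA certificate")
        issued.extend((field, v) for v in values)  # policy order, policy fields only
    listed = {field for field, _ in policy}
    dropped = [(f, v) for f, v in req_dn if f not in listed]
    if preserve:  # models preserve = yes: checks still run, request DN kept as sent
        return list(req_dn), []
    return issued, dropped

if __name__ == "__main__":
    for preserve in (False, True):
        issued, dropped = apply_policy(parse_policy(POLICY_TEXT), CA_DN, REQ_DN, preserve)
        print(f"preserve={preserve}: issued={issued} dropped={dropped}")
```

Comparing the subject of the request with the subject of the issued certificate in the same way shows whether the CA removed a field the server expects.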