If you do figure out a way to do it, and decide that you really want to.
Another word of caution is that many apps will puke when you try to
import a cert whose DN doesn't match the CSR. I've seen some apps have
problems even with re-ordering the DN fields, let alone complete
changes.
You're far better off, ensuring that CSRs match the DN format that you
want, rather then trying to change it while signing it.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Richard Levitte -
VMS Whacker
Sent: Friday, September 29, 2006 2:26 AM
To: openssl-users@openssl.org; [EMAIL PROTECTED]
Subject: Re: rewriting Subject to make O=CN?
In message [EMAIL PROTECTED] on Fri, 29 Sep
2006 01:31:32 -0400, Iljun Kim [EMAIL PROTECTED] said:
ij I'd like to make the O equal to the CN while sign the CSR.
ij For example, if the Subject was
ij C=US, O=Example Company, CN=www.example.com,
ij I'd like to issue a cert with
ij C=Us, O=www.exmaple.com, CN=www.example.com.
ij
ij I searched man pages and configuration options, but couldn't figure
it
ij out.
ij
ij Any help would appreciated.
To begin with, there's no way to do that that I know of.
That said, I've a question to you: why? Why on earth would you want
to do that? What does it give you in terms of security and usability?
Quite honestly, that kind of reconstruction (or general messing
around) usually means that someone has misunderstood something about
distinguished names.
Cheers,
Richard
-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/
When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up.
-- C.S. Lewis
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
