Hello!
I'm creating a small PKI following the guide here:
https://jamielinux.com/docs/openssl-certificate-authority
The intermediate CA cert is created with:
/openssl ca -config $ROOT_CONF -extensions v3_intermediate_ca //-days
3650 -notext -md sha256/
If I then dump the cert, I see that subject line is
/Subject: C = us, ST = ca, O = test, CN = intermediate CA/
I then create the CRL using:
/openssl ca -config $INTRMDT_CONF //-gencrl -out $INTRMDT_CRL/
When I dump the CRL, though, the issuer is
/Issuer: /C=us/ST=ca/O=test/CN=intermediate ca/
When I put my certificate through
https://certificate.revocationcheck.com/, it complains that the CRL
issuer and intermediate CA subject don't match byte for byte.
Is there a way to have both generated with the same formatting? I looked
through my configuration files and couldn't find anything that would
explain the difference. I think it works anyways, but it would be nice
to have them match...
Best regards,
Aram