Hi, I am using openssl 0.9.8g and certtool (GnuTLS 2.4.2) 2.4.2 I am on Debien/Lenny.
I have generate a priv key for my CA, then a cert for this CA. Next, I am signing csr using, this command : /usr/bin/certtool --generate-certificate --load-request ${fqdn}.csr --outfile ${fqdn}.scsr \ --load-ca-certificate /etc/ssl/cert/$(hostname -f)_CA.pem --load-ca-privkey /etc/ssl/private/$(hostname -f)_CA.key \ --template ${fqdn}.info with .info like this (example: www.ppprod.biz.info): cn = www.ppprod.biz country = FR serial = 11 email = dbou...@ppprod.net tls_www_client tls_www_server signing_key encryption_key All seems to be ok, but when I am typing "openssl x509 -text -in www.ppprod.biz.scsr -noout -subject" I see ... subject= /C=\xA8\xAE\x96\xBF\xD44/O=\xA8\xAE\x96\xBF\xD44/OU=\xA8\xAE\x96\xBF\xD44/L=\xA8\xAE\x96\xBF\xD44/ST=\xA8\xAE\x96\xBF\xD44/CN=\xA8\xAE\x96\xBF\xD44/UID=\xA8\xAE\x96\xBF\xD44 And then, when I am using the cert, verify failed. Example, with openvpn: Sun Mar 6 22:55:17 2011 us=224040 VERIFY OK: depth=1, /C=FR/CN=www.ppprod.net Sun Mar 6 22:55:17 2011 us=224503 VERIFY ERROR: could not extract Common Name from X509 subject string ('/C=_xC8_x08_xE2_xBF_xD4_xB4U_x05_xB0_x08_xE2_xBF_xD0_xD5/O=_xC8_x08_xE2_xBF_xD4_xB4U_x05_xB0_x08_xE2_xBF_xD0_xD5/OU=_xC8_x08_xE2_xBF_xD4_xB4U_x05_xB0_x08_xE2_xBF_xD0_xD5/L=_xC8_x08_xE2_xBF_xD4_xB4U_x05_xB0_x08_xE2_xBF_xD0_xD5/ST=_xC8_x08_xE2_xBF_xD4_xB4U_x05_xB0_x08_xE2_xBF_xD0_xD5/CN=_xC8_x08_xE2_xBF_xD4_xB4U_x05_xB0_x08_xE2_xBF_xD0_xD5/UID=_xC8_x08_xE2_xBF_xD4_xB4U_x05_xB0_x08_xE2_xBF_xD0_xD5') -- note that the Common Name length is limited to 64 characters Sun Mar 6 22:55:17 2011 us=224589 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Sun Mar 6 22:55:17 2011 us=224615 TLS Error: TLS object -> incoming plaintext read error Sun Mar 6 22:55:17 2011 us=224637 TLS Error: TLS handshake failed How can I set a correct format for subject field ? Thanks. Dim ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org