Hi,
I found a bug in openssl ca. If you set authorityKeyIdentifier to
keyid and issuer always then the keyid will be set correctly but the
issuer is wrong.
Example:
Root-CA -- Sub-Level 1 CA -- Sub-Level 2 CA -- User
If I issue a certificate for a user then the issuer of the CA-cert
is the DN
Michael Bell wrote:
Hi,
I found a bug in openssl ca. If you set authorityKeyIdentifier to
keyid and issuer always then the keyid will be set correctly but the
issuer is wrong.
Example:
Root-CA -- Sub-Level 1 CA -- Sub-Level 2 CA -- User
If I issue a certificate for a user then
Dr S N Henson wrote:
Michael Bell wrote:
Hi,
I found a bug in openssl ca. If you set authorityKeyIdentifier to
keyid and issuer always then the keyid will be set correctly but the
issuer is wrong.
Example:
Root-CA -- Sub-Level 1 CA -- Sub-Level 2 CA -- User
If I issue
Michael Bell wrote:
Dr S N Henson wrote:
Michael Bell wrote:
Hi,
I found a bug in openssl ca. If you set authorityKeyIdentifier to
keyid and issuer always then the keyid will be set correctly but the
issuer is wrong.
Example:
Root-CA -- Sub-Level 1 CA --
On 02-03-19 23:05:52 CET, Dr S N Henson wrote:
I can't see how that can happen. The ca command only passes the issuing
CA certificate to the extension routines. It does not have access to any
other CA certificate. It fills in the authority key identifier by
extracting the issuer name of that
Robert Joop wrote:
the user cert has the user CA's DN in the issuer DN (CN=User CA) and
the root CA's DN in the authority key identifier DirName (CN=Test-CA
(G4)), see the attached example.
but the user cert's authority key identifier keyid is the user CA
cert's subject key identifier
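
The layout described in the messages above can be reproduced with the following added example, which is not part of the original thread. It assumes an `openssl` binary on the PATH and signs with `openssl x509 -req` instead of `openssl ca` to avoid a CA database (the extension syntax is the same); all subject names, serial numbers and file names are constructed.

```shell
#!/bin/sh
# Added example. Constructed chain: Root CA -> User CA -> user certificate.
# Subject names, serial 0x1001 and file names are made up for this demo.

newreq() {  # $1 = file base name, $2 = subject
  openssl req -config ext.cnf -new -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "$2" 2>/dev/null
}
sign() {  # $1 = request base, $2 = CA base, $3 = serial, $4 = extension section
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -set_serial "$3" \
    -days 1 -extfile ext.cnf -extensions "$4" -out "$1.pem" 2>/dev/null
}
build_chain() (  # $1 = working directory; runs in a subshell so cd stays local
  cd "$1" || exit 1
  cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
[user_ext]
authorityKeyIdentifier = keyid,issuer:always
EOF
  newreq root "/CN=Constructed Root CA" &&
  openssl x509 -req -in root.csr -signkey root.key -days 1 \
    -extfile ext.cnf -extensions ca_ext -out root.pem 2>/dev/null &&
  newreq userca "/CN=Constructed User CA" && sign userca root 0x1001 ca_ext &&
  newreq user "/CN=Constructed User" && sign user userca 0x2002 user_ext
)
aki_field() {  # $1 = certificate, $2 = keyid | DirName | serial
  openssl x509 -in "$1" -noout -text | sed -n "s/^ *$2://p"
}
ski() {  # $1 = certificate; prints its subject key identifier
  openssl x509 -in "$1" -noout -text |
    sed -n '/Subject Key Identifier/{n;s/^ *//p;}'
}
demo() {
  d=$(mktemp -d) && build_chain "$d" || return 1
  openssl x509 -in "$d/user.pem" -noout -issuer            # the User CA's DN
  echo "AKI DirName: $(aki_field "$d/user.pem" DirName)"   # the Root CA's DN
  echo "AKI serial:  $(aki_field "$d/user.pem" serial)"    # User CA cert's serial
  echo "AKI keyid:   $(aki_field "$d/user.pem" keyid)"
  echo "User CA SKI: $(ski "$d/userca.pem")"               # equals the AKI keyid
  rm -rf "$d"
}
demo
```

The DirName and serial in the authority key identifier together name the issuing CA's certificate by that certificate's own issuer and serial number, which is why the DirName differs from the user certificate's issuer field.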