Re: [openssl-users] Throwing in the towel on ENV for DN

2017-08-18 Thread Robert Moskowitz
On 08/18/2017 08:48 AM, Jeffrey Walton wrote: It is coming down that I would need a unique cnf for each cert type, rather than one per signing CA. Things just don't work well without prompting or very consistent DN content. So I am going to pull most of my. ENV. I am leaving it in for dir

Re: [openssl-users] Throwing in the towel on ENV for DN

2017-08-18 Thread Robert Moskowitz
On 08/18/2017 08:46 AM, Salz, Rich via openssl-users wrote: This has been a long email thread. Can you open a github issue and summarize the improvements you think we should make? Thanks. And thanks for your patience! When I get through the "lessons learned" step, I will ask you how to

Re: [openssl-users] Throwing in the towel on ENV for DN

2017-08-18 Thread Viktor Dukhovni
On Fri, Aug 18, 2017 at 08:48:07AM -0400, Jeffrey Walton wrote:
> If this is a private PKI, then you can do things like that.
>
> But I believe you need a distinguished name if you are following the RFCs. Maybe you can modify your script to stuff the principal name from the SAN in the DN

Re: [openssl-users] Throwing in the towel on ENV for DN

2017-08-18 Thread Jeffrey Walton
> It is coming down that I would need a unique cnf for each cert type, rather than one per signing CA. Things just don't work well without prompting or very consistent DN content. So I am going to pull most of my. ENV. I am leaving it in for dir and SAN.
>
> I feel it is a bug that if in

Re: [openssl-users] Throwing in the towel on ENV for DN

2017-08-18 Thread Salz, Rich via openssl-users
This has been a long email thread. Can you open a github issue and summarize the improvements you think we should make? Thanks. And thanks for your patience!

[openssl-users] Throwing in the towel on ENV for DN

2017-08-18 Thread Robert Moskowitz
Jakob had it right On 08/17/2017 07:01 PM, Jakob Bohm wrote: Given all these problems with the Distinguished Name prompting mechanism, just add the -subject option to the req command line (using appropriate environment variables in the shell script). Enjoy Jakob It is coming down that