Robert Hannemann wrote:
issuerAltName copies the subject alternative name of the CA-cert into the extension but several CAs have no subject alternative name. OpenCA uses during the generation of the CA-cert "subjectAltName = email:copy" but if there is no emailaddress in the DN then this option fails.can someone say, why the Extension "X509v3 Issuer Alternative Name" is empty in my User-Certificates ? In the User.ext Configuration File there is a Line:issuerAltName=issuer:copy
The solution is that you must set the subjectAltName of the CA by hand in OPENCADIR/etc/openssl/openssl.cnf before you issue the CA-cert.
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
-------------------------------------------------------
This sf.net email is sponsored by: viaVerio will pay you up to
$1,000 for every account that you consolidate with us.
http://ad.doubleclick.net/clk;4749864;7604308;v?
http://www.viaverio.com/consolidator/osdn.cfm
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
