Jason A. Pattie wrote:
This is the default configuration of OpenCA. We are comatible with S/MIME v3 and v2 by this way. You can change this behaviour very easily via ca.conf and ra.conf. There is a switch DN_WITHOUT_EMAIL. Change the value from "Y" to "N" and OpenCA doesn't remove the emailaddress from the subject.While upgrading a client to use OpenCA to generate certificates, we ran into a problem. The OpenCA certificates that were generated for the users did not contain e-mail addresses in the Subject. We used the batch processor available in OpenCA to generate certificates for all the users, all at once. OpenCA appeared to place the emailAddress as an X.509 Subject Alternative Name.
I'm not familiar with FreeSWAN or SSHSentinel. So I cannot answer the other questions but perhaps it is the easiest way to change the configuration of OpenCA to get working certs.
Best regards
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany http://www.openca.org
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
