Sorry, but I contacted openssl-dev and now I'm really sure that you didn't create such a certificate with OpenSSL. Only OpenSSL 0.9.8 can create such certificates and it still cannot do this with "openssl ca -subj". Only "openssl req" of OpenSSL 0.9.8 can create such certificates.
OpenSSL 0.9.7 creates a certificate with common name "testuser+serialNumber=1001". This is slightly different from an RDN with multiple attributes. The output shows an escaped "+", which means that the plus is only a normal character. Even 0.9.8 must be patched to support -subj with the correct behaviour.
Hatas, Zdenek wrote:
Michael,
I generated such a certificate. Here is my console trace:
-bash-2.05b# openssl req -x509 -newkey rsa:1024 -sha1 -keyout test.key -out test.pem -nodes
...
Common Name (eg, your name or your server's hostname)
[]:testuser+serialNumber=1001
Here you set the value of the cn to a really special value.
-bash-2.05b# openssl x509 -in test.pem -noout -text -nameopt RFC2253
Certificate: ... Subject: [EMAIL PROTECTED],CN=testuser\+serialNumber=1001,OU=CA,O =Test Org,C=CZ
The plus sign "+" is escaped, which means that it is a normal character.
Sorry for the bad news, but the only way to implement this is to patch OpenSSL 0.9.8.
Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482
(Computing Centre)             Fax: +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                        http://www.openca.org
