-----BEGIN CERTIFICATE REQUEST-----
MIIBhjCB8AIBADBJMQswCQYDVQQGEwJJVDELMAkGA1UECxMCLi4xFTATBgNVBAoT
DGZvbmRpYXJpYXNhaTEWMBQGA1UEAxMNZnc1MzAxLnNhaS5pdDCBnTANBgkqhkiG
9w0BAQEFAAOBiwAwgYcCgYEAyYfOC4JT2spG7UqMP7ZHQAbjexmAoN8EUo9/tRPM
/an4CIMxq/KDv0QEYz5Ic6+CiZh/9vsVZG7Ex4vKpzaRY80WFVdrVucj9v74gvfr
nBtYOVkuc+BbmOBe/0lUc4dHIMDYrwhuTiOchkzz5a7iF8EyHsIN5fKtaSclcHNX
V70CAQOgADANBgkqhkiG9w0BAQUFAAOBgQCjt3ekeqf68wxqrBniHAJiYYAiFeri
41DtIbxAWPWh9D7rO7GYnE2DqTK0IjAkMcCmxO+wh8dR59fRixaSI0MGUCF+1F8h
h8cEywkorWWklolIM65ONqrNU9Qdi/OZ9HX6cKeBV9LKUNU0d+vCGZvJb7umad2Z
x1e1c9+wLpEfJg==
-----END CERTIFICATE REQUEST-----
I created a certificate from this request. I attached the request file which I use. So you can make a diff with the original file. Perhaps I added a newline by copy & paste.
I added a subject alternative name to be able to issue the certificate (DNS:...). The certificate looks like this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: [EMAIL PROTECTED],CN=HU-DCA Test 0.9.2,OU=HU-CA,O=HU,C=DE
Validity
Not Before: Dec 19 14:29:17 2003 GMT
Not After : Dec 18 14:29:17 2004 GMT
Subject: serialNumber=2,CN=fw5301.sai.it,O=fondiariasai,OU=bla bla,C=IT
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c9:87:ce:0b:82:53:da:ca:46:ed:4a:8c:3f:b6:
47:40:06:e3:7b:19:80:a0:df:04:52:8f:7f:b5:13:
cc:fd:a9:f8:08:83:31:ab:f2:83:bf:44:04:63:3e:
48:73:af:82:89:98:7f:f6:fb:15:64:6e:c4:c7:8b:
ca:a7:36:91:63:cd:16:15:57:6b:56:e7:23:f6:fe:
f8:82:f7:eb:9c:1b:58:39:59:2e:73:e0:5b:98:e0:
5e:ff:49:54:73:87:47:20:c0:d8:af:08:6e:4e:23:
9c:86:4c:f3:e5:ae:e2:17:c1:32:1e:c2:0d:e5:f2:
ad:69:27:25:70:73:57:57:bd
Exponent: 3 (0x3)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Certificate Policies:
Policy: 1.2.3.3.4
CPS: http://some.url.org/cps
Netscape Cert Type:
SSL Server
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
VPN Server of Humboldt-Universitaet zu Berlin
X509v3 Subject Key Identifier:
39:BC:CE:4D:FD:3D:85:BA:21:E7:97:EB:BF:E6:25:F6:60:95:39:53
X509v3 Authority Key Identifier:keyid:70:CE:F0:DC:D8:2F:8C:6C:B5:85:59:26:C8:84:AD:3A:33:FD:B7:84
DirName:/C=DE/O=HU/OU=HU-CA/CN=HU-DCA Test 0.9.2/[EMAIL PROTECTED]
serial:00
X509v3 Subject Alternative Name:
DNS:fw5301.sai.it
X509v3 Issuer Alternative Name:
email:[EMAIL PROTECTED]
Netscape CA Revocation Url:
http://ra.hu-berlin.de/pub/crl/cacrl.crl
Netscape Revocation Url:
http://ra.hu-berlin.de/pub/crl/cacrl.crl
X509v3 CRL Distribution Points:
URI:http://ra.hu-berlin.de/pub/crl/cacrl.crl
URI:http://ra.hu-berlin.de/pub/crl/cacrl.crl Signature Algorithm: sha1WithRSAEncryption
38:d9:b8:16:c1:a5:dc:18:02:28:3e:8e:c9:91:e6:89:fe:60:
33:8b:21:c8:b3:82:a1:f8:1c:c8:62:0f:11:28:41:f0:0b:e9:
c4:ce:1f:34:e7:00:8d:00:e3:78:e0:d7:c8:c7:9a:f6:dd:48:
2c:73:cc:e1:8b:55:33:9c:28:5a:80:fd:a2:ef:d2:2d:ca:4e:
8a:29:77:0b:96:39:5e:6f:ac:fe:37:ef:06:83:f5:6c:87:4a:
04:8e:a6:49:8a:ac:bd:47:ef:c3:b3:9b:bf:3e:5c:6a:c9:a1:
96:39:1b:e0:d2:5e:e9:e0:d7:ac:ac:ed:ab:5f:07:f5:54:8b:
e5:d0:e0:cf:82:8e:d7:a4:5c:2c:d1:1e:39:8e:dd:73:49:c3:
78:fe:c2:5b:93:29:5e:5e:42:f4:50:66:e8:62:b0:a9:60:0c:
51:60:45:2e:49:dc:8c:e4:65:e0:ea:7d:fb:c0:4a:6e:00:a5:
8b:58:4a:e1:cb:f2:66:18:95:63:fe:90:f1:1b:e1:69:a6:fc:
3a:3a:4d:41:82:8e:6a:0f:80:01:7f:9c:10:dd:e4:53:53:0a:
bf:24:45:a5:cc:db:e7:48:49:ea:80:5d:1c:de:d7:81:d9:f5:
5f:65:98:67:39:e9:be:46:d7:f0:3a:47:ee:da:8f:96:5a:7b:
52:2c:6b:e1:50:6d:17:7f:84:2e:dd:42:d8:86:c9:07:e5:bb:
d3:e9:e2:74:32:77:1f:bc:fc:3a:e0:80:86:eb:01:c8:2b:00:
da:54:56:7d:5f:31:cf:b9:74:fa:e3:bc:43:a1:92:81:bf:ad:
77:81:5b:7d:aa:5f:83:5e:ca:f5:29:0e:1e:e4:02:4e:cf:96:
dc:9d:44:b3:14:51:95:4d:ea:86:2c:c2:8d:f0:15:ea:2c:9c:
44:50:19:3f:6b:8d:84:48:90:01:14:c2:fe:6d:4e:ec:2b:48:
35:45:a3:3e:d4:ec:48:45:0a:d2:48:14:3f:d0:1c:35:60:79:
cc:64:8b:95:b5:84:3e:97:22:92:cb:a6:6f:a3:3f:b8:28:4e:
d3:62:b1:d4:b8:0c:6e:d3:dc:f1:88:03:73:47:05:62:fd:59:
82:73:06:2f:46:12:9b:77:ff:40:cd:60:e4:3b:47:5d:0a:1f:
8b:4c:bd:65:4e:08:ff:23:56:81:3a:c7:e5:5b:c2:66:d0:16:
4c:80:d9:ac:8d:bf:db:81:2f:22:f6:43:3e:c0:d6:38:44:46:
ff:c7:26:bc:3b:94:b3:83:9d:4f:bc:33:28:f8:fe:70:30:f9:
7f:24:a9:35:b8:a8:6f:31:53:02:ee:05:06:a0:74:e2:72:df:
12:a7:57:c1:5c:ee:0a:68To get more debugging output from our OpenSSL module you can do the following:
1. go to crypto-utils.lib (lib/function/)
2. go to function libIssueCertificate
3. go to the position where $ca_token will be defined
4. $ca_token->{DEBUG} = 1;The last step activate the debugging of the OpenSSL module.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
-----BEGIN CERTIFICATE REQUEST----- MIIBhjCB8AIBADBJMQswCQYDVQQGEwJJVDELMAkGA1UECxMCLi4xFTATBgNVBAoT DGZvbmRpYXJpYXNhaTEWMBQGA1UEAxMNZnc1MzAxLnNhaS5pdDCBnTANBgkqhkiG 9w0BAQEFAAOBiwAwgYcCgYEAyYfOC4JT2spG7UqMP7ZHQAbjexmAoN8EUo9/tRPM /an4CIMxq/KDv0QEYz5Ic6+CiZh/9vsVZG7Ex4vKpzaRY80WFVdrVucj9v74gvfr nBtYOVkuc+BbmOBe/0lUc4dHIMDYrwhuTiOchkzz5a7iF8EyHsIN5fKtaSclcHNX V70CAQOgADANBgkqhkiG9w0BAQUFAAOBgQCjt3ekeqf68wxqrBniHAJiYYAiFeri 41DtIbxAWPWh9D7rO7GYnE2DqTK0IjAkMcCmxO+wh8dR59fRixaSI0MGUCF+1F8h h8cEywkorWWklolIM65ONqrNU9Qdi/OZ9HX6cKeBV9LKUNU0d+vCGZvJb7umad2Z x1e1c9+wLpEfJg== -----END CERTIFICATE REQUEST-----
