On Fri, 12 Mar 2004, Adam Tresch wrote: > >How can one create a CA certficiate so that the DN does not contain the > >E-mail address, but the alternate name does? > > as i remember there is a config option in the ca.conf file.
I know and I set as follows: ###################### ## support for PKIX ## ###################### SET_REQUEST_SERIAL_IN_DN "N" REQUEST_SERIAL_NAME "sn" SET_CERTIFICATE_SERIAL_IN_DN "N" CERTIFICATE_SERIAL_NAME "serialNumber" DN_WITHOUT_EMAIL "Y" AUTOMATIC_SUBJECT_ALT_NAME "Y" DEFAULT_SUBJECT_ALT_NAME "Email" UNIQUE_DN "YES" Still, when filling out the forms the E-mail address is added to the DN. If I edit the DN and delete the E-mail part, there won't be an alternate name generated with the E-mail address. If I leave the DN as is, there will be a proper alternate name generated but the DN contains the E-mail address. Best regards, Jozsef -- E-mail : [EMAIL PROTECTED], [EMAIL PROTECTED] PGP key: http://www.kfki.hu/~kadlec/pgp_public_key.txt Address: KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
