Guys, our OpenCA 0.9.1-7 deployment requires that external users request their own certificates, so we have little control over the Common Name entered by the user. As part of our testing we have noted a number of problems caused by specific characters when included within the CN; see below.
1) Fully acceptable characters are a..z, A..Z, 0..9, "space" ' $ & % ( ) * ! @ . :

2) Comma (,) and semi-colon (;) cause the MS Enhanced CSP to fail generating a CSP (although they are accepted by the OpenCA character verification when filling in the form). Note comma (,) is accepted by Netscape.

3) Hash (#) causes an error in OpenCA: the CSP is generated but not correctly handled by OpenCA (during gen_csr), which hangs during the request submission. We have checked the apache and ssl logs, which show nothing.

4) UK pound (£) is accepted but encoded. With IE the encoding is \C3\82\C2\A3 and with Netscape the encoding is \C2\A3. In both cases certificates that have a CN containing a £ character fail to write to OpenLDAP.

Obviously there is a problem with the # character which I think constitutes a code defect. I just wanted to let you know that we have seen these problems. I can't see any reference to updates in the 0.9.2 series, so it may well be that this series has the same issues.

Chris...

_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
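The character findings in the message above, expressed as a pre-submission check on a requested CN. This is an added example, not part of the original post and not OpenCA code. The function names and report format are hypothetical, the double-encoding test is a heuristic (the IE byte sequence quoted in the post is the Netscape sequence UTF-8 encoded a second time), and the escaping follows the RFC 4514 rules for DN string values.

```python
import string

# Characters the post reports as fully acceptable.
ACCEPTED = set(string.ascii_letters + string.digits + " '$&%()*!@.:")
# Characters the post reports as causing failures, with the reported effect.
REPORTED = {
    ",": "MS Enhanced CSP fails (accepted by Netscape)",
    ";": "MS Enhanced CSP fails",
    "#": "OpenCA hangs during request submission",
    "\u00a3": "encoded by the browser; write to OpenLDAP fails",
}
# RFC 4514 characters that need a backslash anywhere in a DN value (NUL omitted).
RFC4514_SPECIAL = set('"+,;<>\\')

def undo_double_utf8(raw: bytes) -> bytes:
    # Heuristic: if the bytes decode as UTF-8 to Latin-1-range characters that
    # are themselves valid UTF-8, one encoding layer too many was applied.
    try:
        fixed = raw.decode("utf-8").encode("latin-1")
        fixed.decode("utf-8")
    except (UnicodeDecodeError, UnicodeEncodeError):
        return raw
    return fixed

def escape_rfc4514(value: str) -> str:
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch in RFC4514_SPECIAL or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def check_cn(raw: bytes) -> dict:
    clean = undo_double_utf8(raw)
    cn = clean.decode("utf-8")  # raises on bytes that are not UTF-8 at all
    return {
        "cn": cn,
        "double_encoded": clean != raw,
        "reported": {c: REPORTED[c] for c in cn if c in REPORTED},
        "untested": sorted(set(cn) - ACCEPTED - set(REPORTED)),
        "dn_escaped": escape_rfc4514(cn),
    }

if __name__ == "__main__":
    # Constructed samples: the IE and Netscape byte sequences quoted in the post.
    for sample in (b"\xc3\x82\xc2\xa3100", b"\xc2\xa3100", b"Smith, John #1"):
        print(check_cn(sample))
```

Characters listed under "untested" are ones the post gives no result for, so they need their own test against the CSP, gen_csr and the LDAP write before being allowed.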
