Hi, > I'm using openca-0.9.2-RC4 > I have a problem with the issuing of the CA certificate, everything > goes fine, but the certificate have this problem, > > Issuer: C=PT,O=LIPCA,CN=LIP Certification Authority > .... > X509v3 extensions: > .... > DirName: CN=LIP Certification Authority,O=LIPCA, C=PT > > In the "DirName" field i have the reverse of the Issuer field, and i > need this two fields have the same. When i make the CSR, if i change > the position of the attributes of the "Issuer" field, then i'm getting > this problem again.
The two fields are identical :) This is only a bug in the output code of OpenSSL. The RFCs require that DirName and issuer are identical and they are identical. OpenSSL's code to print a certificate has some problems due to the old behaviour. We always ask OpenSSL interfaces to output distinguished names in RFC2253 format which is the most common and standardized string representation for ASN.1 distinguished names. The problem is that the implementation of OpenSSL is not really consistent. The DirName is always displayed in the old OpenSSL format. So your certificate is correct. Michael ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
