On Fri, 28 May 2004 11:22:42 +0200, Oliver Welter wrote
Hi Ives,
I tried editing servers/pub.conf:
DN_TYPE_BASIC_ELEMENTS "emailAddress" "CN" "OU" "subject_alt_name"
and
DN_TYPE_BASIC_ELEMENT_4 "alt E-Mail" DN_TYPE_BASIC_ELEMENT_4_MINIMUM_LENGTH 7 DN_TYPE_BASIC_ELEMENT_4_REQUIRED "YES"
But as you cant specify the sub_alt_name on the command line and must put it into the extension file (works fine with the batch) I get the error:
(OpenCA::REQ->new: Cannot create new request. Backend fails with errorcode 7712013. OpenCA::OpenSSL->genReq: Cannot build X500::DN-
object from subject [EMAIL PROTECTED],CN=Oliver,
OU=Internet,[EMAIL PROTECTED],O=Technische Universitaet Muenchen,C=Germany).
...skipped
Tell me if I'm wrong, but IMHO C must be not Germany, but DE. C=DE
Anything else is abrakadabra for me (for a while), but "subject_alt_name" in the DN looks a bit suspicious...
The subject_alt_name must be removed from the DN. Nevertheless the subject can contain any number of emailAddresses. E.g.
[EMAIL PROTECTED], [EMAIL PROTECTED], cn=Me, o=Test, c=DE
BTW such a construction does not make much sense because the RFCs only check for the first address if I remember me right.
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
