Lapo,
Lapo Luchini wrote:
Hi.
I'm testing OpenCA and have a few problems understanding a small thing.
Or well, I guess and hope it is small, but I'm quite tired and I can't
see the solution and -thus- it seems big to me ;-)
Well, simply put the question is this:
when I generate a request suing /pub it is created with a DN with only
name and OU, but no O or C;
when I generate the certificate it is not added;
if I modify User.conf policy to have "match" or "supplied" instead of
"optional" it simply doesn't get accepted;
the _default fields in USer.conf seem to be completely ignored (are they
used only for "openssl ca" interactive use from command line?)
What is the best/correct/intended way to automatically add O and C data
to every certificate without editing every one of the requests before
generating the certificate? (and, even editing them, all the fields must
be "moved up" in order to make space for O and C to be the last two,
which is a bit messy)
I am not an expert, but I think you should edit the following
etc/config.xml section:
<option>
<name>ca_organization</name>
<value>YOUR_ORG</value>
</option>
<option>
<name>ca_locality</name>
<value>YOUR_LOCALITY</value>
</option>
<option>
<name>ca_country</name>
<value>YOUR_COUNTRY</value>
</option>
And after that run etc/configure_etc.sh.
Lapo
Jorge
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
