Hello, all.  I've heard some discussion of people using OpenCA with
domain components instead of O= C=.  We've gotten most of that working
but have a problem where whatever routine is parsing the input from the
browser_req.xml generated form is setting both values to the first dc
setting.  To clarify, I am allowing the cert requester to choose the
domain components from a drop down rather than appending the base rdn
values.  This is for a multi-client environment where not everyone is
dc=mycompany,dc=com.

As a result, when they fill in something like dc=ssiservices,dc=biz, the
CSR comes out as dc=ssiservices,dc=ssiservices.  I'm having the same
problem with allowing multiple ou fields on the form.

I suspect the problem was that the names of the HTML fields were the
same (duh!) so I changed the names to something like dc_1 and dc_2 and
tried adding the <valueType> tag, e.g., <valueType>dc</valueType> to
such fields.  I thought that would be the solution for sure and was
thrilled when the DN displayed properly on the confirmation page but,
alas, I received an error when generating the CSR:

(OpenCA::REQ->new: Cannot create new request. Backend fails with
errorcode 7712013. OpenCA::OpenSSL->genReq: Cannot build X500::DN-object
from subject CN=nopub2, OU_1=OfficeUsers, DC_1=ssiservices, DC_2=biz)

It appears the parser is indeed using the name tag to determine the
field type! Of course, this creates a problem anytime there are multiple
inputs for the same field type.  Has anyone cracked this problem? Can
anyone point me to where in the code the DN is compiled? I've looked in
OpenCA::REQ and that seems to take input from elsewhere, maybe
create_csr.sub but that is getting the subject from a file /data/SUBJECT
and I've yet to find out where that is made.  HELP!!!  Thanks - needed
to do that :) - John
-- 
John A. Sullivan III
Open Source Development Corporation

Street Preacher: Are you SAVED?????!!!!!!
Educated Skeptic: Saved from WHAT?????!!!!!!
Educated Believer: From our selfishness that hurts the ones we love
                   and condemns us to an eternity of hurting each other.
http://www.spiritualoutreach.com
Christianity that makes sense
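
An added example, not part of the original post and not OpenCA's own code: one way to keep HTML field names unique (DC_1, DC_2) while still producing valid attribute types in the subject. The function name build_subject, the allowed-type list and the sample values are assumptions made for illustration; the output format mirrors the subject string in the error message above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Attribute types this sketch accepts (hypothetical list). Anything else is
# rejected rather than passed through to the request backend.
my %ALLOWED = map { $_ => 1 } qw(CN OU O C DC L ST);

# Build a subject string from ordered [field_name, value] pairs.
# Pairs are kept in an array, not a hash keyed by type, so that repeated
# types (two DC, two OU) survive and keep the order given on the form.
sub build_subject {
    my @fields = @_;
    my @rdns;
    for my $pair (@fields) {
        my ($name, $value) = @$pair;
        next unless defined $value && $value =~ /\S/;    # skip empty optional inputs
        # The trailing _<digits> only makes the HTML name unique; strip it
        # so DC_1 and DC_2 both map to the attribute type DC.
        (my $type = uc $name) =~ s/_\d+\z//;
        die "unsupported attribute type '$name'\n" unless $ALLOWED{$type};
        $value =~ s/^\s+|\s+$//g;                        # trim surrounding whitespace
        # Escape the RFC 4514 special characters so a form value cannot
        # introduce an extra RDN of its own.
        $value =~ s/([,+"\\<>;])/\\$1/g;
        $value =~ s/^#/\\#/;
        push @rdns, "$type=$value";
    }
    die "no subject components supplied\n" unless @rdns;
    return join(', ', @rdns);
}

# Constructed sample input using the field names from the error message above.
my @form = (
    [ CN   => 'nopub2' ],
    [ OU_1 => 'OfficeUsers' ],
    [ OU_2 => '' ],                  # second OU left blank on the form
    [ DC_1 => 'ssiservices' ],
    [ DC_2 => 'biz' ],
);
print build_subject(@form), "\n";

# Constructed value containing a DN separator: it stays inside its own RDN.
print build_subject([ CN => 'nopub2' ], [ OU_1 => 'Sales, East' ], [ DC_1 => 'biz' ]), "\n";
```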

