I solved this a little while ago. 'openssl ca' defaults to unique DNs, but can be made work ilke you want with the configuration option 'unique_subject' See the docs at http://www.openssl.org/docs/apps/ca.html#CONFIGURATION_FILE_OPTIONS as well as usage examples in.
Note that when after the first use, you will see a file index.txt.attr alongside with index.txt, which will contain the setting for unique_subject. After that, it doesn't matter what you have in your configuration file. This is to avoid messups if the configuration file is edited and unique_subject is changed. And oh, the change is for 0.9.8 and on only. [EMAIL PROTECTED] - Wed Oct 2 14:41:16 2002]: > Hi, > > I modified a patch which I received from Christophe Bailleux > <[EMAIL PROTECTED]>. The original patch simply deactivate all parts of > OpenSSL which checks for a unique DN. > > The attached patch adds an option -nouniqueDN to ca.c. The attached > patch was made from 0.9.7 but it should be applied to the HEAD-branch > because 0.9.7 is frozen. > > The patch requires the use of -nouniqueDN for revocation too. This is > necessary because ca.c tries to build an index from the DNs. > > Any comments? > > Michael -- Richard Levitte [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
