On Mon, Nov 24, 2003, Michael Bell wrote:
some people ask me how to create the following subject for certificates:
cn=abc + serialNumber=123,o=company,c=de
It is no problem to insert this subject to the -subj option of "openssl ca" but the sourcecode looks like OpenSSL ca uses "abc + serialNumber=123" as value. Is this correct and if yes is there a way to issue certificates with mutlivalued attributes in RDNs?
Yes but you need OpenSSL 0.9.8-dev for this.
It doesn't (yet) work with -subj but if you use the config file for 'req' and make the first character of a DN component '+' it should create a multivalued RDN correctly.
-subj in ca.c is important for me. So I start reading the code. I dug in req.c and it looks for me like mval signals as the last argument to X509_NAME_add_entry_by_NID that this is not a new RDN only an addition to the last RDN. Does this be correct?
If yes then I start fixing "-subj" for ca.c or better I'm fixing do_subject which is used by req.c too.
Best regards
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]