Dr. Stephen Henson wrote:
On Mon, Nov 24, 2003, Michael Bell wrote:

some people ask me how to create the following subject for certificates:

cn=abc + serialNumber=123,o=company,c=de

It is no problem to insert this subject to the -subj option of "openssl ca" but the sourcecode looks like OpenSSL ca uses "abc + serialNumber=123" as value. Is this correct and if yes is there a way to issue certificates with mutlivalued attributes in RDNs?

Yes but you need OpenSSL 0.9.8-dev for this.

It doesn't (yet) work with -subj but if you use the config file for 'req' and
make the first character of a DN component '+' it should create a multivalued
RDN correctly.

-subj in ca.c is important for me. So I start reading the code. I dug in req.c and it looks for me like mval signals as the last argument to X509_NAME_add_entry_by_NID that this is not a new RDN only an addition to the last RDN. Does this be correct?


If yes then I start fixing "-subj" for ca.c or better I'm fixing do_subject which is used by req.c too.

Best regards

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to