Aram Khalili wrote:
>
> Hello,
>
> I'm trying to include domain information into an X.509 cert Distinguished
> name. RFC2247 outlines Using Domains in LDAP/X.500 Distinguished Names.
> I've tried to include domainComponent, DC and dc in the configuration file
> under the [ req_distinguished_name ] section, but it doesn't show up when
> I look at the certificate that's created. Is there support fot this in
> openssl? Is it completely missing? Any ideas or further pointers are
> appreciated, and please email/cc me at [EMAIL PROTECTED] , as I am not on
> openssl-users.
>
Presumably you are using the 'ca' utility to sign the request? Well a
known bug/feature of this program is that any field not explicitly
mentioned in the policy section is silently deleted: see the 'ca' manual
page for more info.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]