Hi! I'm making a csr using the Java tool keytool, I am then going to sign it with the OpenSSL CA-functionality, but I can't. Here is what I get when I try to do so (sign.sh is a script I found with mod_ssl to sign certificates, but I don't think that's the problem):
$ sign.sh Client.csr CA signing: Client.csr -> Client.crt: Using configuration from ca.config Enter PEM pass phrase: Check that the request matches the signature Signature ok The Subjects Distinguished Name is as follows countryName :PRINTABLE:'NO' stateOrProvinceName :PRINTABLE:'Hordaland' localityName :PRINTABLE:'Bergen' organizationName :PRINTABLE:'EDB Fellesdata' organizationalUnitName:PRINTABLE:' The string contains characters that are illegal for the ASN.1 type CA verifying: Client.crt <-> CA cert Client.crt: unable to load certificate file 38758:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:662:Expecting: CERTIFICATE As I understand it, there is some character in the organizationalUnitName that is not supported. This field has the value "Sikkerhet og arkitektur". I've tried to make the request from scratch, with the same result, so it's not likely I've put in some control character by mistake. Does anyone know what could be wrong? Hope someone does, Chrisitan Rygg ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]