> it is possible to an extent in the policy against each DN field you have > either match,supplied or optional. match indicates that the organisation > field in the CSR should match with default value, supplied takes > whatever is supplied and optional means the field need not be there. so > if you set organization name to match and set default to your > organizations name it won't issue a certificate if the supplied doesn't > match the default > > may be there is another way but this is what i know.
I'll have to use this method for now. If you (or anyone else) hears of a better way to do it, I'd really like to know. Is there any good reference material that explains each and every option in openssl.conf? Thanks. Tim -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Tim Gustafson - [EMAIL PROTECTED] http://www.falconsoft.com/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Share your knowledge - it's a way to achieve immortality. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- You need only two tools. WD-40 and duct tape. If it doesn't move and it should, use WD-40. If it moves and shouldn't, use the tape. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
