Re: Newbie question - Signing CSR's

[Charles B Cranston]

Well, I took dumps of the two certificates (and CSR) that Rohan
provided, and the dates overlap, which might be the IE specific
problem.
At first it looked like the subject DNs were exactly the same
between the two certificates, but upon closer examination the
subject DN for the server certificate lacks the Email=xx tag.
It is a little confusing but I don't know if it is really a
problem for the software (which is harder to confuse!)
=====

ROOT cert:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer:
           C=US, ST=California, L=San Jose,
           O=MG Solutions Class 3 Root CA,
           OU=Security Infrastructure Deployment Engineering (SIDE),
           CN=www.ldapguru.com/[EMAIL PROTECTED]
              =========================================
        Validity
            Not Before: Aug 22 01:39:07 2003 GMT
            Not After : Aug 17 01:39:07 2023 GMT
                        ========================
        Subject:
           C=US, ST=California, L=San Jose,
           O=MG Solutions Class 3 Root CA,
           OU=Security Infrastructure Deployment Engineering (SIDE),
           CN=www.ldapguru.com/[EMAIL PROTECTED]
              =========================================
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:9b:41:b0:77:3b:ca:a4:70:79:c3:ec:ea:44:2d:
=====

SERVER cert:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: md5WithRSAEncryption
        Issuer:
           C=US, ST=California, L=San Jose,
           O=MG Solutions Class 3 Root CA,
           OU=Security Infrastructure Deployment Engineering (SIDE),
           CN=www.ldapguru.com/[EMAIL PROTECTED]
              =========================================
        Validity
            Not Before: Aug 22 02:07:24 2003 GMT
            Not After : Aug 17 02:07:24 2023 GMT
                        ========================  this confuses IE!
        Subject:
            C=US, ST=California,
            O=MG Solutions Class 3 Root CA,
            OU=Security Infrastructure Deployment Engineering (SIDE),
            CN=www.ldapguru.com
               ================  no EMail here!
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:f5:3b:af:5f:3a:05:b9:20:f3:93:14:87:43:76:
=====
Hope this helps.

--
Charles B (Ben) Cranston
mailto: [EMAIL PROTECTED]
http://www.wam.umd.edu/~zben
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]