Hello,
I have the following question:

Suppose you have CA certificate cacert.pem with the following subjectName:
/C=xx/O=aa/O=bb/CN=uu
Also you have the following in your openssl.cnf file (it is used when the CA signs CSRs):

[ ca ]
default_ca    =    CA_default
 
[ CA_default ]
...
preserve = no # or yes, has no effect during signing procedure :( , I've tried
policy = policy_match

[ policy_match ]
organizationName = match
organizationName = match
organizationName = match
organizationalUnitName = supplied
commonName      = supplied

Now you are trying to sign the request (userreq.csr) with the following subjectName:
/O=bb/O=bb/O=aa/OU=ff/CN=Somebody

with the following command:
openssl ca -in userreq.csr -policy policy_match -extensions user_cert_ext -out newcert.pem
(other necessary information is contained in config file)

OpenSSL (v. 0.9.7a) doesn't complain that the subjectName in fact doesn't match the pattern described in the config file! The first two O=bb have both been matched (why?)
Can anybody describe the algorithm which openssl uses when it matches subjectName in CSR against subjectName in CACERT? Or refer me to some source of information.

Thank you in advance,
Arsen.
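
An added example, not part of the original post and not OpenSSL's code: a simplified Python model of the `match` check for the case above, on the assumption that each request entry of a field type is accepted when it equals any CA entry of that type, regardless of order or repetition. `check_policy`, `strict_field_equal` and the `SHORT` table are hypothetical names; `strict_field_equal` is a stricter pre-signing check a CA operator could run on the CSR before calling `openssl ca`.

```python
# Simplified model, not OpenSSL source. Assumption: under "match", a request
# entry passes if it equals ANY CA entry of the same type (order/count ignored).
SHORT = {"organizationName": "O", "organizationalUnitName": "OU",
         "commonName": "CN"}  # policy field name -> DN short name

def parse_dn(dn):
    """'/C=xx/O=aa' -> [('C', 'xx'), ('O', 'aa')]; order and repeats kept."""
    return [tuple(part.split("=", 1)) for part in dn.strip("/").split("/")]

def values(dn, short):
    """All values of one attribute type, in the order they appear in the DN."""
    return [v for t, v in parse_dn(dn) if t == short]

def check_policy(policy, ca_dn, req_dn):
    """Return (accepted, reason) for a list of (field, rule) policy lines."""
    for field, rule in policy:
        short = SHORT[field]
        req_vals, ca_vals = values(req_dn, short), values(ca_dn, short)
        if not req_vals:
            if rule == "optional":
                continue
            return False, f"{field} missing from request"
        if rule == "match":
            for v in req_vals:
                if v not in ca_vals:
                    return False, f"{field}={v} not in CA subject"
    return True, "ok"

def strict_field_equal(ca_dn, req_dn, short):
    """Stricter pre-signing check: same values, same order, same count."""
    return values(ca_dn, short) == values(req_dn, short)

# Policy and subject names as given in the post (repeated lines kept).
POLICY = [("organizationName", "match")] * 3 + [
    ("organizationalUnitName", "supplied"), ("commonName", "supplied")]
CA_DN = "/C=xx/O=aa/O=bb/CN=uu"
REQ_DN = "/O=bb/O=bb/O=aa/OU=ff/CN=Somebody"

if __name__ == "__main__":
    print(check_policy(POLICY, CA_DN, REQ_DN))     # model accepts the request
    print(strict_field_equal(CA_DN, REQ_DN, "O"))  # strict check rejects it
```

Under this model the request in the post is accepted because every O value it carries also occurs somewhere in the CA subject; the strict helper rejects it because the sequence of O values differs.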
