On Wed, Aug 17, 2005, Gerd Schering wrote: > Hi, > > when trying to sign a CSR I get the following error: > > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > commonName :ASN.1 12:'xxx' > organizationName :ASN.1 12:'xxx' > organizationalUnitName:ASN.1 12:'XXX' > countryName :ASN.1 12:'DE' > stateOrProvinceName :ASN.1 12:'Berlin' > localityName :ASN.1 12:'Berlin' > The countryName field needed to be the same in the > CA certificate (DE) and the request (DE) > > Well, the countryName field is dfinitely the same. > I'm using OpenSSL 0.9.8-dev XX xxx XXXX. > Is this a version issue? >
Are you using an old openssl.cnf format? The ASN.1 12 stuff is indicating a UTF8String. If you use the new format (the name_opt, cert_opt options in CA_default both set to ca_default) you should get this displayed correctly. However back to the original query. The countryName in the two certificates is a different character type, in one it is PrintableString the other UTF8String. The 'ca' utility currently regards those as different. However in countryName only PrintableString is allowed so if you have a certificate request with UTF8String in there it is broken anyway. So that's the main problem: an invalid certificate request. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
