Yes, I need to make a stronger permanent key. I've been playing with
all the various settings trying to figure out what's wrong: this is
about the 7th certificate I've made for this server. :-)
The helpdesk.cis.uab.edu is an alias for the CA server, not for this
email server. But you seem to have spotted that I have that set wrong
somewhere! And now that I think about it, I don't think I need to
specify the alternative names for the CA anywhere.
That error message would be great if it pointed out the real problem,
but I should've spotted that.
Thanks!
Victor Duchovni wrote:
On Fri, Apr 21, 2006 at 07:00:32AM -0500, Fran Fabrizio wrote:
Here's the conf file I used when I generated the request:
[EMAIL PROTECTED] CisCA]# more EmailServer.cnf
[ req ]
prompt = no
distinguished_name = crier.cis.uab.edu
[ crier.cis.uab.edu ]
commonName = crier.cis.uab.edu
stateOrProvinceName = Alabama
countryName = US
emailAddress = [EMAIL PROTECTED]
organizationName = UAB CIS
organizationalUnitName = UAB CIS IT
Wow a 512 bit key! Really unwise. This can be easily brute forced.
You did not mention the
X509v3 Subject Alternative Name:
DNS:helpdesk.cis.uab.edu
When this is present the CN is ignored. The error unfortunately reports
the subject CN, but the real problem is the bogus Alternative Name, you
if this name is also required, list both this name and the desired CN
as Alternative DNS names.
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8 (0x8)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=UAB CIS Certificate Authority, ST=Alabama, C=US/[EMAIL
PROTECTED], O=UAB CIS Certificate Authority
Validity
Not Before: Apr 20 19:45:49 2006 GMT
Not After : Apr 19 19:45:49 2011 GMT
Subject: CN=crier.cis.uab.edu, ST=Alabama, C=US/[EMAIL PROTECTED],
O=UAB, OU=CIS
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:bd:00:0e:84:38:3a:69:27:cc:6b:04:68:de:71:
5a:bd:28:60:8b:9d:ef:14:f5:4e:74:be:d5:f7:e0:
38:c9:2f:03:cf:2e:6d:80:bb:af:96:c7:be:4e:a8:
80:f0:aa:e9:db:3a:ae:11:6d:4e:33:a5:ff:9b:a0:
57:45:f6:a7:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:helpdesk.cis.uab.edu
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Signature Algorithm: md5WithRSAEncryption
41:45:8c:df:7d:10:44:c1:47:86:40:20:1e:79:ae:c3:18:3f:
7d:e9:f9:62:18:af:bd:7f:f3:98:4b:cf:e8:c5:26:1a:97:04:
6e:d3:b7:f7:15:92:78:fd:31:90:95:27:71:ad:b4:0f:d6:92:
24:ec:7f:43:60:39:f9:2a:d6:bf:9f:05:e2:35:a5:08:6a:8e:
bb:38:40:1f:7c:fb:7c:92:39:68:41:4c:1b:62:90:b4:2e:b2:
48:89:70:ef:56:a7:8a:d1:5c:98:e9:93:d4:f0:3d:28:27:67:
02:5c:8e:eb:39:eb:40:0d:41:1c:a8:c7:55:22:3b:21:c6:91:
02:e6:96:f6:8f:22:b1:c4:2d:85:e9:73:c9:41:0f:04:b2:be:
08:a2:47:17:2e:61:95:10:76:07:8f:d1:19:ea:d3:82:63:1a:
df:ce:93:c8:90:7f:75:27:ad:42:eb:0d:58:0a:4c:2f:13:21:
7c:d6:7f:6e:cb:b0:59:e8:07:de:6e:05:b9:f1:62:c3:55:b5:
28:88:b9:f3:21:0c:8e:56:f6:d2:e4:81:0f:57:75:02:e1:78:
b2:e1:e2:af:60:8c:52:d7:5f:c6:b5:a5:b3:04:60:fb:e9:75:
e3:18:26:b0:5a:da:3a:1c:fd:56:ff:bc:cb:f5:d4:f3:a6:40:
f4:70:93:ca
-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIBCDANBgkqhkiG9w0BAQQFADCBkjEmMCQGA1UEAxMdVUFC
IENJUyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAgTB0FsYWJhbWExCzAJ
BgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJzeXNhZG1AY2lzLnVhYi5lZHUxJjAk
BgNVBAoTHVVBQiBDSVMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDQyMDE5
NDU0OVoXDTExMDQxOTE5NDU0OVowejEaMBgGA1UEAxMRY3JpZXIuY2lzLnVhYi5l
ZHUxEDAOBgNVBAgTB0FsYWJhbWExCzAJBgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkB
FhJzeXNhZG1AY2lzLnVhYi5lZHUxDDAKBgNVBAoTA1VBQjEMMAoGA1UECxMDQ0lT
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL0ADoQ4OmknzGsEaN5xWr0oYIud7xT1
TnS+1ffgOMkvA88ubYC7r5bHvk6ogPCq6ds6rhFtTjOl/5ugV0X2p9MCAwEAAaNB
MD8wHwYDVR0RBBgwFoIUaGVscGRlc2suY2lzLnVhYi5lZHUwCQYDVR0TBAIwADAR
BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEEBQADggEBAEFFjN99EETBR4ZA
IB55rsMYP33p+WIYr71/85hLz+jFJhqXBG7Tt/cVknj9MZCVJ3GttA/WkiTsf0Ng
Ofkq1r+fBeI1pQhqjrs4QB98+3ySOWhBTBtikLQuskiJcO9Wp4rRXJjpk9TwPSgn
ZwJcjus560ANQRyox1UiOyHGkQLmlvaPIrHELYXpc8lBDwSyvgiiRxcuYZUQdgeP
0Rnq04JjGt/Ok8iQf3UnrULrDVgKTC8TIXzWf27LsFnoB95uBbnxYsNVtSiIufMh
DI5W9tLkgQ9XdQLheLLh4q9gjFLXX8a1pbMEYPvpdeMYJrBa2joc/Vb/vMv11POm
QPRwk8o=
-----END CERTIFICATE-----
--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
