In general, probably look for PKI tutorial; there should be concepts associated with CA, x509 (digital certificate)
Erwin On Fri, Jun 1, 2012 at 9:34 AM, Stephen More <stephen.m...@gmail.com> wrote: > Is there a doc somewhere that explains the differences between ca and x509 > ? > > I was signing client side certificates with: > openssl ca -passin pass:$ROOTCAPASS -batch -config openssl.cnf > -days 365 -keyfile private/root-ca-key.pem -cert root-ca-crt.pem -in > person/$1/$1-req.pem -out person/$1/$1-crt.pem > > Only to find out that email address was getting stripped out and > prevented the use of 'SSLUserName SSL_CLIENT_S_DN_Email' inside > apache. > > Now I am using x509 which make apache happy: > openssl x509 -req -passin pass:$ROOTCAPASS -days 365 -CAkey > private/root-ca-key.pem -CA root-ca-crt.pem -CAcreateserial -in > person/$1/$1-req.pem -out person/$1/$1-crt.pem > > ( Perhaps it is really a problem with my openssl.cnf but not sure > which option to configure ) > > > -Thanks > Stephen More > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
