>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
>Sent: Friday, 12 October, 2012 11:51

>As some additional info, I am suspecting this may be an issue with my
>config file.

>I am using the same config file I used to set up my certificate authority,
>which has under [ req ] a couple of values plugged in - for one, prompt=no,
>because I didn't want it to prompt me for values. It also has a value filled
>in for distinguished_name which points to a section called
>[ ca_distinguished_name ] that has the values for commonName, etc, that seem
>to be getting put into my CSR.

You didn't say before that you used same config file for CA and entity, 
but as I answered Friday, if you have prompt=no in the config it uses 
the DN in the config and is NOT overridden by -subj on commandline.
Thus if you have prompt=no and name for CA in config, to do the CA cert 
with req -new -x509, and use same config for the entity CSR, the entity 
CSR will have the CA name, which is wrong.
        
>Could this be the issue? Do I need to have a separate config file for 
>generating my CSRs than I used for generating my CA cert?

If you want to use prompt=no, yes you need a different config.

If you have prompt=yes and use -subj on *both* commandlines, with the 
correct (different) value in each, that should work. And if you omit 
-subj it will prompt you and you can enter correct (different) values.
        
>On Fri, Oct 12, 2012 at 11:22 AM, Derek Cole <derek.c...@gmail.com> wrote:
...     
>openssl req -new -nodes -subj "/CN=www.myserver.com" -out /tmp/file.csr 
>-keyout /tmp/privkey.csr -config /my/openssl.cnf 
...
>openssl req -noout -text -in /tmp/file.csr -config /my/openssl.cnf
...
>It seems like the file is getting created with the common name in the config
>file instead of the one I pass it. Does it not override the config file?
                
<snip: Firefox complained about wrong hostname in cert>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
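
The separate-config approach from the reply above, as an added example that is not part of the original thread: an entity-only config with prompt=no and its own DN section, followed by a check of the subject stored in the CSR before it is sent to the CA. The section name entity_distinguished_name, the file names and the function names are assumptions; the hostname is the one from the quoted command.

```shell
#!/bin/sh
# Added example (not from the thread): build an entity CSR from its own
# config and verify the subject. Names and paths here are assumptions.

# Write an entity-only config. With prompt=no the DN comes from this file,
# so it must not be the file that carries the CA's name.
write_entity_cnf() {
    # $1 = output path, $2 = hostname for commonName
    cat > "$1" <<EOF
[ req ]
prompt             = no
distinguished_name = entity_distinguished_name

[ entity_distinguished_name ]
commonName = $2
EOF
}

# Generate an unencrypted key and a CSR from the entity config (no -subj).
make_csr() {
    # $1 = config, $2 = key output, $3 = CSR output
    openssl req -new -nodes -newkey rsa:2048 -config "$1" \
        -keyout "$2" -out "$3" 2>/dev/null
}

# Print the subject stored in the CSR in RFC 2253 form, e.g. CN=host.
csr_subject() {
    openssl req -noout -subject -nameopt RFC2253 -in "$1" |
        sed 's/^subject= *//'
}

# Succeed only if the CSR subject is exactly CN=<expected>.
check_csr_cn() {
    # $1 = CSR, $2 = expected commonName
    [ "$(csr_subject "$1")" = "CN=$2" ]
}

# Full flow: config -> CSR -> verify. Non-zero status if the subject is wrong.
build_and_check() {
    # $1 = work directory, $2 = hostname
    write_entity_cnf "$1/entity.cnf" "$2" &&
    make_csr "$1/entity.cnf" "$1/privkey.pem" "$1/file.csr" &&
    check_csr_cn "$1/file.csr" "$2"
}
```

Calling build_and_check with a work directory and www.myserver.com leaves file.csr and privkey.pem in that directory and returns non-zero if the CSR carries any other name.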
