Hi Om, why do you want to deal with it? What is your expected behaviour?
OpenXPKI creates certificates based on the profiles defined and usually a CA enforces the subject. If you expect a 1:1 copy of the subject you need to modify the profile do take all components from the CSR. Oliver Am 02.07.20 um 08:07 schrieb Om Parkash: > Hi, > > Whenever i request a certificate from SCEP service, OpenXPKI adds some > default attributes. If i mention my values in my CSR then they are > overwritten by the SCEP service. > * > * > *=============================* > *My CSR* > *=============================* > I created the CSR for > openssl req -new -key my.key -subj "/DC=ABC/DC=XYZ/CN=device-1" -out my.csr > > *============================= > * > *Response from SCEP service* > *=============================* > sscep: found certificate with > subject: '/DC=org/DC=OpenXPKI/DC=Test Deployment/CN=device-1' > request_subject: '/DC=ABC/DC=XYZ/CN=device-1' > X509_NAME_cmp() workaround: strcmp request subject > (/DC=ABC/DC=XYZ/CN=device-1) to cert subject > (/DC=org/DC=OpenXPKI/DC=Test Deployment/CN=device-1) > *sscep: Subject of our request does not match that of the returned > Certificate! > *sscep: certificate written as my.crt > > How can I deal with this issue? > > Regards > Om Parkash > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
