In general, probably look for PKI tutorial; there should be concepts
associated with CA, x509 (digital certificate)
Erwin
On Fri, Jun 1, 2012 at 9:34 AM, Stephen More stephen.m...@gmail.com wrote:
Is there a doc somewhere that explains the differences between ca and x509
?
I was signing client side certificates with:
openssl ca -passin pass:$ROOTCAPASS -batch -config openssl.cnf
-days 365 -keyfile private/root-ca-key.pem -cert root-ca-crt.pem -in
person/$1/$1-req.pem -out person/$1/$1-crt.pem
Only to find out that email address was getting stripped out and
prevented the use of 'SSLUserName SSL_CLIENT_S_DN_Email' inside
apache.
Now I am using x509 which make apache happy:
openssl x509 -req -passin pass:$ROOTCAPASS -days 365 -CAkey
private/root-ca-key.pem -CA root-ca-crt.pem -CAcreateserial -in
person/$1/$1-req.pem -out person/$1/$1-crt.pem
( Perhaps it is really a problem with my openssl.cnf but not sure
which option to configure )
-Thanks
Stephen More
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
