When the -noemailDN flag is used with the openssl ca command, the email address is only removed from the Subject DN, but not the Issuer DN. This leaves self-signed CA certs created with this flag unverifiable, because the DNs do not match.
-- Stefan H. Holek ste...@epy.co.at ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org