certificate signing using CA application - 0.9.8l (Mac OS X) vs 1.0.0 (RHEL6)

Mon, 06 Dec 2010 14:16:25 -0800 

Hi all!

Some code was working on OpenSSL < 1.0.0 and now have troubles working on 1.0.0 
(which comes with RHEL6).

Here are test case:

#!/bin/sh

mkdir private
echo 10 > serial
touch index.txt
mkdir newcerts

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out 
cacert.pem -days 365 -config ./openssl.cnf -subj '/O=NOVA ROOT/L=Mountain 
View/ST=California/C=US/' -batch -nodes
openssl genrsa -out private/1.key 1024
openssl req -new -key private/1.key -out 1.csr -batch -subj 
'/CN=cloud-2010-12-03T20:26:28Z/OU=NovaDev/O=AnsoLabs/L=Mountain 
View/ST=California/C=US'
openssl ca -batch -out 1.crt -config ./openssl.cnf -infiles 1.csr

# Debug
openssl x509 -in cacert.pem -noout -subject -nameopt multiline,show_type
openssl req -in 1.csr -noout -subject -nameopt multiline,show_type

Running above code on RHEL6 will give you an error:
The stateOrProvinceName field needed to be the same in the
CA certificate (California) and the request (California)
subject= 
    organizationName          = PRINTABLESTRING:NOVA ROOT
    localityName              = PRINTABLESTRING:Mountain View
    stateOrProvinceName       = PRINTABLESTRING:California
    countryName               = PRINTABLESTRING:US
subject=
    commonName                = UTF8STRING:cloud-2010-12-03T20:26:28Z
    organizationalUnitName    = UTF8STRING:NovaDev
    organizationName          = UTF8STRING:AnsoLabs
    localityName              = UTF8STRING:Mountain View
    stateOrProvinceName       = UTF8STRING:California
    countryName               = PRINTABLESTRING:US

However, I had no problems running that code on Mac OS X (and hopefully all 
other OpenSSL versions < 1.0.0):
Certificate is to be certified until Dec  6 21:32:09 2011 GMT (365 days)

Write out database with 1 new entries
Data Base Updated
subject= 
    organizationName          = PRINTABLESTRING:NOVA ROOT
    localityName              = PRINTABLESTRING:Mountain View
    stateOrProvinceName       = PRINTABLESTRING:California
    countryName               = PRINTABLESTRING:US
subject=
    commonName                = PRINTABLESTRING:cloud-2010-12-03T20:26:28Z
    organizationalUnitName    = PRINTABLESTRING:NovaDev
    organizationName          = PRINTABLESTRING:AnsoLabs
    localityName              = PRINTABLESTRING:Mountain View
    stateOrProvinceName       = PRINTABLESTRING:California
    countryName               = PRINTABLESTRING:US

The question is: what should I change in my code to get it working on newest 
OpenSSL release?

Andrey.

Reply via email to