Re: [openssl-users] sign sub CA issue

Tell the person who created the CSR that the value of the stateOrProvinceName field has to be HK. If that is not possible because the subCA is in a different country you can change your openssl.cnf to allow different values in that field so instead of stateOrProvinceName = match you have to use at

Re: [openssl-users] sign sub CA issue

Please can I have some advise on this query. Regards, Jebran. On Tue, Dec 8, 2015 at 11:18 AM, Mohammad Jebran wrote: > I have to sign a sub-CA through my current root CA using openSSLeverything > I have configured as per instructions but still getting an error that >

Re: [openssl-users] sign sub CA issue

Thanks guys, Its done. ​ Regards, Jebran. On Fri, Dec 11, 2015 at 7:18 PM, Mohammad Jebran wrote: > Please can I have some advise on this query. > > Regards, > Jebran. > > On Tue, Dec 8, 2015 at 11:18 AM, Mohammad Jebran > wrote: > >> I have to sign a

Re: [openssl-users] sign sub CA issue

1. Check if the certificate for your root CA specifies any "path restrictions" or similar that says that it cannot validly sign certificates outside some state or province. Having such restrictions in a root CA is GOOD whenever possible, because it limits the damage that can be done if

[openssl-users] sign sub CA issue

I have to sign a sub-CA through my current root CA using openSSLeverything I have configured as per instructions but still getting an error that "stateorProvanceName field needed to be the same" As mentioned below. *root@machine:~/ImportantCACerts/intermediate# openssl ca -configopenssl.cnf