I'm not sure about you guys, but I find this very annoying 2009/8/17 <postmas...@next-motion.de>
> Dies ist eine automatisch erstellte Benachrichtigung +APw-ber den > Zustellstatus. > > +ANw-bermittlung an folgende Empf+AOQ-nger fehlgeschlagen. > > c...@next-motion.de > > > > > Final-Recipient: rfc822;c...@next-motion.de <rfc822%3...@next-motion.de> > Action: failed > Status: 5.2.2 > X-Display-Name: Carsten Breitbarth - next.motion OHG > > > > ---------- Forwarded message ---------- > From: Serge Fonville <serge.fonvi...@gmail.com> > To: openssl-users@openssl.org > Date: Mon, 17 Aug 2009 18:20:37 +0200 > Subject: Re: Creating certificates > What does your openssl.cnf look like, since it is used in the req? > > On Mon, Aug 17, 2009 at 6:00 PM, Gerald Iakobinyi-Pich <nutri...@gmail.com > > wrote: > >> Hy, >> >> So my end goal is to have a CA, which I can use to sign certificates. I >> have set up a CA, that was not that hard. But now I want to create >> certificates signed by my CA, and I want to provide the subject from the >> command line. I don't want it to be read from the openssl.cnf. That is >> because I have to create more certificates, and I do not want to modify the >> opennssl.cnf, for each of them. >> >> I have tried to create certificates, signed by my CA, and the subject >> information was provided in the openssl.cnf file. That I have succeeded. >> >> Then I have tried to provide the subject information from the command >> line, and that I have failed. And I have verified the contents of the >> certificate, and the subject was not what I have specified in the command >> line, but what was found in the config file. >> >> So it looks to me like if this option: -subj >> "/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" is ignored, and >> like openssl tries to read this info from the config file, and I do not >> understand why :(. >> >> >> Regards, >> Gerald >> >> >> >> On Mon, Aug 17, 2009 at 6:31 PM, Serge Fonville <serge.fonvi...@gmail.com >> > wrote: >> >>> Hi, >>> >>> I assume you have done a lot of googling and have read the docs >>> extensively. >>> >>> First, what is your end goal? >>> Since creating a certificate and having it signed by your own CA is not >>> that difficult. >>> What resources have you consulted. >>> What have you already tried. >>> Have you looked at the resulting certificate to verify its contents >>> >>> Regards, >>> >>> Serge Fonville >>> >>> On Mon, Aug 17, 2009 at 4:41 PM, Gerald Iakobinyi-Pich < >>> nutri...@gmail.com> wrote: >>> >>>> Hello, >>>> >>>> I am trying to create a certificate, on win, and I am having some >>>> troubles with OpenSSL. First I generate a key. That's ok. Then I create a >>>> request: >>>> >>>> openssl req -config .\openssl.cnf -subj >>>> "/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" -new -days >>>> 365 >>>> -key ..\demo_store\private\private_key_client.pem -outform PEM -out >>>> ..\demo_store\request\req_server.csr -passin pass:pass >>>> >>>> Then I want to sign this: >>>> openssl x509 -inform PEM -req -in ..\demo_store\request\req_server.csr >>>> -outform DER -out ..\demo_store\certs\cert_server.der -CAform DER -CA >>>> ..\demo_store\certs\ca_cert.der -CAkeyform PEM -CAkey >>>> ..\demo_store\private\ca_private_key.pem -CAcreateserial >>>> >>>> And the message printed out is: >>>> Loading 'screen' into random state - done >>>> Signature ok >>>> subject=/C=RO >>>> Getting CA Private Key >>>> >>>> >>>> Now, what disturbs me, is that it seems that the subject I have provided >>>> with "-subj" in the first "openssl req" command has been ignored. >>>> Why is that happening? What am I doing wrong? >>>> >>>> Thanks, >>>> Gerald >>>> >>>> >>>> >>> >> > >
