Geoff,

Here are the details provided by David:

------------------------------
Using OpenSSL 1.0.0-beta3 15 Jul 2009:

openssl req -out sidr.req -newkey rsa:2048 -keyout sidr.key -config ./openssl.cnf -multivalue-rdn -subj "/CN=SIDR test+serialNumber=4"
openssl ca -in sidr.req -out sidr.pem -config openssl.cnf -preserveDN

NSS 3.12.3:

certutil -N -d temp/
certutil -R -k rsa -g 2048 -s "CN=SIDRtest, dc=example, dc=com" -d temp/ -o ta.req
certutil -C -i ta.req -x -d temp/ -o ta.cer -m 0
certutil -A -n "SIDRTA" -t "TC,TC,TC" -d temp/ -i ta.cer
certutil -R -k rsa -g 2048 -s "serialNumber=5+CN=SIDR test" -d temp/ -o sidr.req
certutil -C -c "SIDRTA" -i sidr.req -o sidr_NSS.cer -m 8 -d temp/

----------

As for the rescerts I-D, I don't think it needs to change, because it refers to the arch doc for subject and issuer name conventions. However, that document is not specific about how to organize the common name and serial number attributes when they both appear in a Subject or Issuer name.

We have the option to move the details into the cert profile, or put more details into the arch doc.

Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
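
The difference the message discusses, a common name and a serial number sharing one RDN versus sitting in separate RDNs, is visible in the DER encoding of the Name. The following is an added example, not part of the original message or of either tool: a minimal Python reader that reports the RDN layout of a DER Name. The sample names are constructed in the code, and `rdn_layout` and `shares_rdn` are hypothetical helper names.

```python
# Added example; the sample names are constructed here, not tool output.
OIDS = {"550403": "CN", "550405": "serialNumber"}  # 2.5.4.3 and 2.5.4.5

def tlv(tag, body):
    """Encode one DER TLV (short-form length is enough for the samples)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def read_tlvs(buf):
    """Split buf into (tag, value) pairs; accepts short and long lengths."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated DER")
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:  # long form: low 7 bits give the count of length bytes
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def rdn_layout(name_der):
    """Return one list per RDN, each holding (attribute, value) pairs."""
    [(tag, rdns)] = read_tlvs(name_der)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    layout = []
    for tag, rdn in read_tlvs(rdns):
        if tag != 0x31:
            raise ValueError("each RDN must be a SET")
        pairs = []
        for _, item in read_tlvs(rdn):
            (_, oid), (_, value) = read_tlvs(item)
            pairs.append((OIDS.get(oid.hex(), oid.hex()), value.decode("ascii")))
        layout.append(pairs)
    return layout

def atv(oid_hex, text):
    """AttributeTypeAndValue with a PrintableString value."""
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x13, text.encode()))

CN, SERIAL = atv("550403", "SIDR test"), atv("550405", "4")
# One multi-valued RDN; DER orders SET OF members by their encoded bytes.
MULTI = tlv(0x30, tlv(0x31, b"".join(sorted([CN, SERIAL]))))
# The same two attributes as two single-valued RDNs.
SEPARATE = tlv(0x30, tlv(0x31, CN) + tlv(0x31, SERIAL))

def shares_rdn(name_der, a="CN", b="serialNumber"):
    """True when attributes a and b sit in the same RDN."""
    return any({a, b} <= {t for t, _ in rdn} for rdn in rdn_layout(name_der))
```

Because DER sorts the members of a SET OF by their encoded bytes, the order in which the two attributes appear inside a multi-valued RDN follows from the encoding, not from the order they were typed on a command line.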
