[Djigzo users] Subject distinguished name is not from a permitted subtree

Fri, 20 Nov 2015 02:54:07 -0800 

Hello,
today we discover a certificate in our Ciphermail certificate store which is not usable for encryption because of the error "Error building certPath. Subject distinguished name is not from a permitted subtree". Indeed there are name constraints in a sub-CA used but i can not figure out what the actual problem is because it actually should match the mailadress with is [email protected] 

This is from the upper level issuing CA:

Zugelassen
     [1]Unterstrukturen (0..Max):
          RFC822-Name=.ach-llc2.com
     [2]Unterstrukturen (0..Max):
          RFC822-Name=.cotarko.com
     [3]Unterstrukturen (0..Max):
          RFC822-Name=.european-llp.com
     [4]Unterstrukturen (0..Max):
          RFC822-Name=.first-aquitaine.com
     [5]Unterstrukturen (0..Max):
          RFC822-Name=.fmcc.ch
     [6]Unterstrukturen (0..Max):
          RFC822-Name=.ford-alliance.com
     [7]Unterstrukturen (0..Max):
          RFC822-Name=.ford.com
     [8]Unterstrukturen (0..Max):
          RFC822-Name=.fordcredit.com
     [9]Unterstrukturen (0..Max):
          RFC822-Name=.forsonordic.com
     [10]Unterstrukturen (0..Max):
          RFC822-Name=.lincoln.com
     [11]Unterstrukturen (0..Max):
          RFC822-Name=.lincolnafs.com
     [12]Unterstrukturen (0..Max):
          RFC822-Name=.troydm.com
     [13]Unterstrukturen (0..Max):
          RFC822-Name=.volvoautobank.de
     [14]Unterstrukturen (0..Max):
          RFC822-Name=ach-llc2.com
     [15]Unterstrukturen (0..Max):
          RFC822-Name=cotarko.com
     [16]Unterstrukturen (0..Max):
          RFC822-Name=european-llp.com
     [17]Unterstrukturen (0..Max):
          RFC822-Name=first-aquitaine.com
     [18]Unterstrukturen (0..Max):
          RFC822-Name=fmcc.ch
     [19]Unterstrukturen (0..Max):
          RFC822-Name=ford-alliance.com
     [20]Unterstrukturen (0..Max):
          RFC822-Name=ford.com
     [21]Unterstrukturen (0..Max):
          RFC822-Name=fordcredit.com
     [22]Unterstrukturen (0..Max):
          RFC822-Name=forsonordic.com
     [23]Unterstrukturen (0..Max):
          RFC822-Name=lincoln.com
     [24]Unterstrukturen (0..Max):
          RFC822-Name=lincolnafs.com
     [25]Unterstrukturen (0..Max):
          RFC822-Name=troydm.com
     [26]Unterstrukturen (0..Max):
          RFC822-Name=volvoautobank.de
     [27]Unterstrukturen (0..Max):
          DNS-Name=ford.com
     [28]Unterstrukturen (0..Max):
          Verzeichnisadresse:
               S=Michigan
               L=Dearborn
               O=Ford Motor Company
               C=US
     [29]Unterstrukturen (0..Max):
          Verzeichnisadresse:
               DC=ford
               DC=com
Ausgeschlossen
     [1]Unterstrukturen (0..Max):
          IP-Adresse=0.0.0.0
          Maske=0.0.0.0
     [2]Unterstrukturen (0..Max):
          IP-Adresse=0000:0000:0000:0000:0000:0000:0000:0000
          Mask=0000:0000:0000:0000:0000:0000:0000:0000


Any idea what could be wrong here?

Thanks

Andreas


_______________________________________________
Users mailing list
[email protected]
https://lists.djigzo.com/lists/listinfo/users






















					Reply via email to