OTR Comm wrote:
> 
> Hello,
> 
> Does anyone know why it is that when I have a (req.pem type) certificate
> request from Internet Explorer and sign off on it with:
> 
> $SSL/openssl base64 -d < $DIR/req | $SSL/openssl req \
>   -config /ssl/acaci/acaci-openssl.cnf \
>   -inform der -text > $DIR/req.pem
> 
> I get extraneous information in the Subject field like so:
> 
> \x00S\x00o\x00f\x00t\x00w\x00a\x00r\x00e
> 
> where this is supposed to be 'Software'
> 
> What causes the '\x00's to be written?
> 
> It works fine if I sign off on a (req.raw type) certificate request from
> Netscape with:
> 
> $SSL/openssl ca -verbose -policy policy_anything -spkac $DIR/req.raw \
>   -config /usr/local/ssl/lib/acaci-openssl.cnf \
>   -out /usr/local/apache/share/htdocs/acaci.com/htdocs-442/${SESSIONID}.ucert
> 

This is because the request contains a BMPString which is encoded with
16 bit characters. You probably included characters outside the
PrintableString set in that field (e.g. &, @). There is an option in
Xenroll to use T61Strings (can't recall its name...) which may help or
just keep to the PrintableString set.

OpenSSL should handle this properly but it doesn't (yet). It will sign
the request OK but won't convert string types and it prints out the
characters in this weird form.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
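
An added example, not part of the original post and not OpenSSL code: a small Python sketch that reads one DER string element, shows how byte-per-character printing of a BMPString produces the `\x00S\x00o...` form from the question, and decodes it by its declared type. The helper names and the sample elements are constructed for illustration, and T61String is approximated as Latin-1.

```python
import string

# ASN.1 universal tags for the string types mentioned in the thread
TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "T61String",
        0x16: "IA5String", 0x1E: "BMPString"}
# The PrintableString character set; '&' and '@' are not in it
PRINTABLE = set(string.ascii_letters + string.digits + " '()+,-./:=?")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_string(tag, value):
    """Decode a DER string value according to its declared type."""
    if tag == 0x1E:                      # BMPString: two bytes per character, big-endian
        if len(value) % 2:
            raise ValueError("BMPString with odd length")
        return value.decode("utf-16-be")
    if tag == 0x0C:
        return value.decode("utf-8")
    return value.decode("latin-1")       # exact for ASCII types, approximate for T61String

def naive_print(value):
    """Byte-per-character escaping: the form the question shows."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b for b in value)

def is_printable_string(text):
    """True if the text could be encoded as a PrintableString."""
    return all(c in PRINTABLE for c in text)

def der_string(tag, text):
    """Build a short-form DER string element (constructed sample input, < 128 bytes)."""
    body = text.encode("utf-16-be") if tag == 0x1E else text.encode("latin-1")
    return bytes([tag, len(body)]) + body

def describe(element):
    """Return (type name, naive rendering, correctly decoded text)."""
    tag, value, _ = read_tlv(element, 0)
    return TAGS.get(tag, hex(tag)), naive_print(value), decode_string(tag, value)

if __name__ == "__main__":
    for el in (der_string(0x1E, "Software"), der_string(0x13, "Software")):
        print(describe(el))
    print(is_printable_string("R&D"), is_printable_string("Software"))
```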
