Richard,

Yes, I did understand so at first, but it didn't work without it :-(

I simply used domainComponent just as organizationalUnit is used without
definition under new_oids (because, of course, they are NOT NEW_oids),
but, when run, this happened -
Organization (domain) [zzz]:
Organizational Unit [Root CA Services]:
Common Name [www.zzz.com]:
Email Address [[EMAIL PROTECTED]]:

That is, it ignored the domainComponent while prompting. This problem went
away when I defined it under new_oids.

Relevant portions of the .cnf file are -
...
[ policy_anything ]
domainComponent  = optional
organizationName = optional
organizationalUnitName = optional
commonName  = supplied
emailAddress  = optional
...
[ req ]
default_bits  = 2048
default_keyfile  = privkey.pem
distinguished_name = req_distinguished_name
attributes  = req_attributes
prompt   = no
x509_extensions = v3_ca # The extensions to add to the self signed cert
[ req_distinguished_name ]
domainComponent_default  = COM
domainComponent   = Domain Component
domainComponent_min  = 2
domainComponent_max  = 4
0.organizationName_default = zzz
0.organizationName  = Organization (domain)
...

I was happy to solve the problem by that probably extraneous oid definition
(time constraints, deadlines and all). But I appreciate that something could
be wrong somewhere. What do you think?

My openssl is 0.9.4. I can't upgrade easily as I am making scripts around
this and these scripts will be run on a number of servers with
Apache/Mod_SSL with 0.9.4 in continents away by non-techies. (So, I had to
make do without passin and passout.)

Regards,

Sandipan

----- Original Message -----
From: "Richard Levitte - VMS Whacker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, February 16, 2001 11:18 PM
Subject: Re: New OID in openssl.cnf


> From: "Sandipan Gangopadhyay" <[EMAIL PROTECTED]>
>
> sandipan> I did :
> sandipan> [ new_oids ]
> sandipan> domainComponent=0.9.2342.19200300.100.1.25
>
> Did you understand that you probably do not need to do that?  It
> should be built in to OpenSSL.
>
> --
> Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
> Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
> Redakteur@Stacken   \      SWEDEN       \ or +46-709-50 36 10
> Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
> Member of the OpenSSL development team: http://www.openssl.org/
> Software Engineer, Celo Communications: http://www.celocom.com/
>
> Unsolicited commercial email is subject to an archival fee of $400.
> See <http://www.stacken.kth.se/~levitte/mail/> for more info.
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
