Sandipan Gangopadhyay wrote:
>
> Hi.
>
> openssl ca performs a signature check on the CSR prior to issuing the
[...]
> the DN that needs to be expanded or modified or marked up by the CA.
[...]
> This feature is essential for openssl to implement what Microsoft (and other
> commercial CAs) call the Enterprise CA mode. Though I needed it for a
> different reason, it seems corporations often need this feature to install
> Digital IDs in clients on their intranets.
There should be the -subj <arg> in the ca command which will let you
issue the certificate using the modified dn (<arg>) instead of the one
within the request.
This is also logical because if you alter the request then it is no more
valid to verification and you cannot state the authenticity of the request.
--
C'you,
Massimiliano Pala
--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED]
[EMAIL PROTECTED]
http://www.openca.org Tel.: +39 (0)59 270 094
http://openca.sourceforge.net Mobile: +39 (0)347 7222 365
S/MIME Cryptographic Signature
