I am having trouble signing a client key created with
Java's keytool with a CA key created with openssl. I
get the message "The countryName field needed to be
the same in the CA certificate (US) and the request
(US)", which doesn't make sense since they ARE the
same.
I am including a transcript of the process I used so
that maybe someone can tell me where it went wrong.
Thanks for any help!!!
=============================================
TRANSCRIPT FOLLOWS
=============================================
[rich@localhost testssl]$ openssl genrsa -rand -des
-out ca.key 1024
0 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.................++++++
.++++++
e is 65537 (0x10001)
[rich@localhost testssl]$ openssl req -new -x509 -days
365 -key ca.key -out ca.crt
Using configuration from /usr/share/ssl/openssl.cnf
You are about to be asked to enter information that
will be incorporated
into your certificate request.
What you are about to enter is what is called a
Distinguished Name or a DN.
There are quite a few fields but you can leave some
blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name)
[Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty
Ltd]:3Com
Organizational Unit Name (eg, section) []:HR
Common Name (eg, your name or your server's hostname)
[]:mickey
Email Address []:[EMAIL PROTECTED]
[rich@localhost testssl]$ keytool -keystore test
-genkey -alias node1
Enter keystore password: 3com3com
What is your first and last name?
[Unknown]: Richard Hassinger
What is the name of your organizational unit?
[Unknown]: HR
What is the name of your organization?
[Unknown]: 3Com
What is the name of your City or Locality?
[Unknown]: San Francisco
What is the name of your State or Province?
[Unknown]: California
What is the two-letter country code for this unit?
[Unknown]: US
Is CN=Richard Hassinger, OU=HR, O=3Com, L=San
Francisco, ST=California, C=US correct?
[no]: yes
Enter key password for <node1>
(RETURN if same as keystore password):
[rich@localhost testssl]$ keytool -keystore test
-certreq -alias node1 -file node1.crs
Enter keystore password: 3com3com
[rich@localhost testssl]$ openssl ca -config
/openssl.cnf -in node1.crs -out node1.crs.pem -keyfile
ca.key
Using configuration from /openssl.cnf
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName :ASN.1 12:'US'
stateOrProvinceName :ASN.1 12:'California'
localityName :ASN.1 12:'San Francisco'
organizationName :ASN.1 12:'3Com'
organizationalUnitName:ASN.1 12:'HR'
commonName :ASN.1 12:'Richard Hassinger'
The countryName field needed to be the same in the
CA certificate (US) and the request (US)
[rich@localhost testssl]$
__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
