On Fri, Feb 07, 2003, Steven R. Shourds wrote: > C:\Apache\bin\CA>openssl ca -out cert.pem -config ./openssl.conf -infiles req.pem > Using configuration from ./openssl.conf > Loading 'screen' into random state - done > Enter pass phrase for ./private/cakey.pem: > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > organizationName :PRINTABLE:'Perfection Software, Inc.' > organizationalUnitName:PRINTABLE:'https' > localityName :PRINTABLE:'Pembroke Pines' > stateOrProvinceName :PRINTABLE:'Florida' > countryName :PRINTABLE:'US' > > The commonName field needed to be supplied and was missing > > How do I fix this? What am I supposed to put in the policy_match commonName field? > > > [ policy_match ] > countryName = match > stateOrProvinceName = match > organizationName = match > organizationalUnitName = optional > commonName = supplied > emailAddress = optional >
As mentioned in the ca manual page. If the field says "match" it *must* be the same as the issuer certificate. If its "supplied" then it must be present. If "optional" then it may be present but doesn't have to be. So if you don't want to make commonName mandatory in the request you need to set this to "optional". Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
