On Wed, Jun 04, 2003, David Goldberg wrote:
> I am trying to generate a certificate request. The problem I am having
> is that the CSR I generate looks ok when I look at it with the "openssl
> req" command (with the -text option), however when I try to get the CSR
> signed by anything other than openSSL, I get errors complaining about
> the format of the CSR. Specifically I have tried both Verisign and
> Microsoft Certificate Server.
>
> The certificate request itself is below:
>
[stuff deleted]
Well some of the things in there are more than a little odd such as looking up
the attribute NID instead of using it directly. That is why do:
OBJ_txt2nid("commonName");
when
NID_commonName
gets the NID directly.
And calling
X509_NAME_add_entry_by_NID()
would avoid some yuckiness early on...
Then there's that exponent 3 key.
However that probably isn't the problem. Its possible that they want the old
form of the certificate request which ironically has NEW in the headers. To
use that form use the call PEM_write_bio_X509_REQ_NEW().
Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED], PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
