On Wed, Jun 04, 2003, David Goldberg wrote: > I agree that looking up the attribute NID seems unnecessary. My intial > code called X509_NAME_add_entry_by_NID(), but since that wasn't working > I decided to try an approach more similar to the O'Rielly example which > does the NID lookup (which obviously didn't help). > > Some additional info: > > Verisign does not seem to require the NEW in the header. I tried a > certificate request generated by openssl.exe, without the NEW in the > header, and Verisign had no problems with it. (Obviously I am doing > something a little different from openssl.exe, though I'm not sure > what) > > I talked to Verisign support, and they looked at the CSR and claimed it > was missing the "Common Name" field. I see the CN entry when I dump out > the CSR with openssl.exe, so I don't know if the guy is onto something > or is just confused. > >
Well you might try: Using MD5 as the digest instead of SHA1. Making sure the order of the DN matches the openssl executable order in a request that worked. Using the 65537 exponent instead of 3 for the private key. Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
