We have been using OpenSSL to generate certificates for various applications here with a home-grown CA (created using openssl ca). We recently started upgrading our servers from Red Hat 7.3 to RHEL 3.0. The machine that used to house the CA directories used openssl version 0.9.6b (Red Hat RPM) and the new machine uses openssl version 0.9.7b (again, Red Hat RPM). I tar'ed up the CA directories from the old machine and plopped them onto the new machine. When I attempted to revoke a certificate (by "openssl ca -revoke certfile.pem"), I received the following error:

ERROR:name does not match <certificate DN here>

The same command worked fine on the old server. The only difference in execution that I see is that, when run on the new server, I get a line that says "Using configuration from /usr/share/ssl/openssl.cnf" which I don't get on the old server. I have an openssl.cnf file in the CA directory that was just copied from /usr/share/ssl when the CA was originally created (along with CA.pl).

Is this a compatibility problem between the openssl versions? If so, is there a way around it or do I need to recreate all of my CAs and regenerate all of my certificates?

--
-----------------------------------------------------------------
Aaron Smith                      vox: 269.226.9550 ext.26
Network Director                 fax: 269.349.9076
Nexcerpt, Inc.                   http://www.nexcerpt.com
...Nexcerpt... Extend Your Expertise