Suso Banderas wrote:
Can anyone respond to this? At least to let me know that I am thinking along the right track? Is there any expectation that the CA should be using the subject from the CSR that the customer sends?
I think the "standard model" is that the CA rejects requests until the client sends one that is acceptable to it. Perhaps they are just optimizing this process.
The bottom line is that the CA will sign the things it is willing to sign, and will not sign the things it is NOT willing to sign, and there is no way around this.
-- "An Internet-connected Windows machine is tantamount to a toddler carrying a baggie of $100 bills down a city street..."
Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
