On Fri, Apr 21, 2006 at 07:00:32AM -0500, Fran Fabrizio wrote:

> Here's the conf file I used when I generated the request:
>
> >[EMAIL PROTECTED] CisCA]# more EmailServer.cnf
> >[ req ]
> >prompt = no
> >distinguished_name = crier.cis.uab.edu
> >
> >[ crier.cis.uab.edu ]
> >commonName = crier.cis.uab.edu
> >stateOrProvinceName = Alabama
> >countryName = US
> >emailAddress = [EMAIL PROTECTED]
> >organizationName = UAB CIS
> >organizationalUnitName = UAB CIS IT
>
Wow, a 512 bit key! Really unwise. This can be easily brute forced.

You did not mention the

    X509v3 Subject Alternative Name:
        DNS:helpdesk.cis.uab.edu

When this is present the CN is ignored. The error unfortunately reports
the subject CN, but the real problem is the bogus Alternative Name. If
this name is also required, list both this name and the desired CN as
Alternative DNS names.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8 (0x8)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=UAB CIS Certificate Authority, ST=Alabama, C=US/[EMAIL PROTECTED], O=UAB CIS Certificate Authority
        Validity
            Not Before: Apr 20 19:45:49 2006 GMT
            Not After : Apr 19 19:45:49 2011 GMT
        Subject: CN=crier.cis.uab.edu, ST=Alabama, C=US/[EMAIL PROTECTED], O=UAB, OU=CIS
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (512 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:helpdesk.cis.uab.edu
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
    Signature Algorithm: md5WithRSAEncryption

--
        Viktor.
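
Added example, not part of the original message and not OpenSSL's own code: the name-matching rule the reply describes (dNSName Subject Alternative Names, when present, replace the subject CN), written out in Python and run against the values from the certificate dump above. The function names, the wildcard policy and the 2048-bit threshold are assumptions of this example.

```python
# Added example: server-identity matching where SAN dNSName entries,
# when present, are the only names checked and the subject CN is a fallback.

def label_match(pattern: str, host: str) -> bool:
    """Case-insensitive, label-by-label comparison.
    Assumed wildcard policy: '*' only as the whole leftmost label,
    and never directly above a top-level domain."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_host(host, subject_cn, san_dns):
    """Return (ok, names_consulted) for the host the client connected to."""
    names = list(san_dns) if san_dns else [subject_cn]
    return any(label_match(n, host) for n in names), names


def weak_key(bits: int, minimum: int = 2048) -> bool:
    """True when the RSA modulus is shorter than the assumed minimum."""
    return bits < minimum


# Values copied from the certificate dump in this thread.
ISSUED = {"cn": "crier.cis.uab.edu",
          "san": ["helpdesk.cis.uab.edu"],
          "bits": 512}
# Constructed: the SAN list as the reply recommends it.
FIXED_SAN = ["crier.cis.uab.edu", "helpdesk.cis.uab.edu"]

if __name__ == "__main__":
    for label, san in (("issued", ISSUED["san"]), ("fixed", FIXED_SAN)):
        for host in FIXED_SAN:
            ok, used = check_host(host, ISSUED["cn"], san)
            verdict = "match" if ok else "MISMATCH"
            print(f"{label:6} {host:22} checked against {used}: {verdict}")
    print("weak key:", weak_key(ISSUED["bits"]))
```

With the issued certificate the client connecting to crier.cis.uab.edu is compared only against helpdesk.cis.uab.edu, which is why the CN in the error message looks correct while verification still fails.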