Hi Stephen,
Thank you for your response.
On 21/09/2006, at 10:08 AM, Dr. Stephen Henson wrote:
On Thu, Sep 21, 2006, James Lever wrote:
I'm trying to work out how to create a multi-value RDN using an
automated openssl.cnf file as per RFC2253. From the RFC, it has this
example:
OU=Sales+CN=J. Smith,O=Widget Inc.,C=US
You precede the relevant line which prompts for or supplies the DN
component
with a '+'. So in the no prompt case if you have:
CN="My Common Name"
it becomes:
+CN="My Common Name"
I've tried that and got the following error:
problems making Certificate Request 9407:error:0B083077:x509
certificate routines:X509_NAME_ENTRY_create_by_txt:invalid field
name:x509name.c:285:name=+OU
I've also tried to specify the nameopt RFC2253 option and also
sep_comma_plus but to no avail. if I use CN=foo+OU=bar it appears to
work, but it is actually putting foo+OU=bar into the CN field, rather
than having two sub fields (as evidenced when I expand OU to be
organizationalUnitName it errors with string too long for the CN).
Is there some other magic that I need to perform to get this to
take? Perhaps I need to sacrifice a chicken first?
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
Thank you for pointing me at the appropriate RFC. This is as I
expected it to be, but needed confirmation.
James Lever
Senior Systems Analyst
--
Strategic Technologies Group (STG)
Information Technology Services (ITS)
The University of Queensland
Brisbane Queensland 4072
Ph: +61 7 336 57342
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
