I'm trying to process a CRQ that came from a hardware appliance, and its
apparently missing its country code.
$ openssl ca -out tomcat-cert.pem -days 3650 -config ./openssl.cnf
-infiles tomcat_crq.pem
Using configuration from ./openssl.cnf
11516:error:0E06D06C:configuration file routines:NCONF_get_string:no
value:/on10/build-nd/G10U8B6/usr/src/common/openssl/crypto/conf/conf_lib.c:329:group=CA_default
name=unique_subject
Enter pass phrase for /path-to/pki.test/private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'myhostname'
The mandatory countryName field was missing
I tried adding -subj CN=myhostname.domain.com/OU=Domain\
Test/O=domain.com/C=US/ST=CA/L=My\ City
but it makes no difference. if I dump the CRQ, i'm getting...
$ openssl req -noout -text -in tomcat_crq.pem
Certificate Request:
Data:
Version: 0 (0x0)
Subject: CN=myhostname
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b3:48:f9:79:a.....e:5a:36:dd:69:91:d6:6d:
96:e3:70:80:76:8d:76:1e:2d
Exponent: 3 (0x3)
Attributes:
a0:00
Signature Algorithm: md5WithRSAEncryption
1f:db:d4:00:31:05:.....3:6a:28:46:c4:67:
a2:a2
can I override the Subject on a CRQ signing like this?
oh, if it matters, I'm using the openssl in Solaris 10..
$ openssl version
OpenSSL 0.9.7d 17 Mar 2004 (+ security fixes for: CVE-2005-2969
CVE-2006-2937 CVE-2006-2940 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
CVE-2007-5135 CVE-2008-5077 CVE-2009-0590)
I realize this is a rather old release. will a newer one let me
override the location etc ?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
