I am not sending this e-mail as a call for help, but more out of curiosity.
I generated my own root CA, and when I try to certify my own public key, I get this error:

    "The stateOrProvinceName field needed to be the same in the CA certificate (PA) and the request (PA)"

The problem seems to be the encodings:

    openssl req -noout -subject -nameopt show_type,sep_multiline -in storereq.pem
    subject=
        C=PRINTABLESTRING:US
        ST=PRINTABLESTRING:PA
        L=PRINTABLESTRING:Pittsburgh
        O=PRINTABLESTRING:Thomson Reuters
        OU=PRINTABLESTRING:Exchange Traded Instruments
        CN=PRINTABLESTRING:the-server.wks.tfn.com

    openssl x509 -noout -subject -nameopt show_type,sep_multiline -in demoCA\cacert.pem
    subject=
        C=PRINTABLESTRING:US
        ST=UTF8STRING:PA
        O=UTF8STRING:Thomson Reuters
        OU=UTF8STRING:ETI
        CN=UTF8STRING:Dan R
        emailAddress=IA5STRING:m...@example.com

As you can see, one is printable and the other is UTF-8. The certification request was generated by Java's keytool, which is probably the reason for the different encoding. But why does the encoding matter?

I'm aware that I can circumvent this problem using "-policy policy_anything", but is there a cleaner way to do this?

By the way, I'm not the first person to have this problem: a similar question was sent to this list last year:
http://www.mail-archive.com/openssl-users@openssl.org/msg56301.html
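
Added example, not part of the original message: a Python script that parses the two "-nameopt show_type,sep_multiline" outputs quoted above and reports which attributes hold the same text under different ASN.1 string types, printing the DER bytes of each value. The function names are hypothetical, and the script only shows where the encodings differ; it does not reproduce how "openssl ca" performs its match.

```python
# Sample input constructed from the two outputs quoted in the message.
REQ = """subject=
    C=PRINTABLESTRING:US
    ST=PRINTABLESTRING:PA
    L=PRINTABLESTRING:Pittsburgh
    O=PRINTABLESTRING:Thomson Reuters
    OU=PRINTABLESTRING:Exchange Traded Instruments
    CN=PRINTABLESTRING:the-server.wks.tfn.com"""
CA = """subject=
    C=PRINTABLESTRING:US
    ST=UTF8STRING:PA
    O=UTF8STRING:Thomson Reuters
    OU=UTF8STRING:ETI
    CN=UTF8STRING:Dan R
    emailAddress=IA5STRING:m...@example.com"""
TAGS = {"PRINTABLESTRING": 0x13, "UTF8STRING": 0x0C, "IA5STRING": 0x16}  # ASN.1 tags

def parse_subject(text):
    """Map attribute -> (string type, value) from show_type,sep_multiline output."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("subject="):
            continue
        attr, _, rest = line.partition("=")
        stype, _, value = rest.partition(":")
        fields[attr] = (stype, value)
    return fields

def der(stype, value):
    """DER-encode a short string: tag byte, length byte, content."""
    raw = value.encode("utf-8")
    if len(raw) > 127:
        raise ValueError("long-form lengths are outside this example")
    return bytes([TAGS[stype], len(raw)]) + raw

def compare(req, ca):
    """Classify every attribute present in both names."""
    report = {}
    for attr in req.keys() & ca.keys():
        (rt, rv), (ct, cv) = req[attr], ca[attr]
        report[attr] = ("value differs" if rv != cv else
                        "type differs" if rt != ct else "identical")
    return report

if __name__ == "__main__":
    req, ca = parse_subject(REQ), parse_subject(CA)
    for attr, verdict in sorted(compare(req, ca).items()):
        print(f"{attr:3} {verdict:14} {der(*req[attr]).hex()} {der(*ca[attr]).hex()}")
```

For ST the request value encodes as 13 02 50 41 and the CA value as 0c 02 50 41: the same two characters behind a different tag byte.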