is that really a self signed certificate? For self signed certificates names of issuer are the same as names of subject. In your example OU and CN are not the same. Also, according to wikipedia, self signed certificates (root certificates) cannot be revoked, although I do not understand why. (CRL could be signed by certificates own key). Citējot *Daniel Spannbauer <d...@marco.de> [1]*: > Hello, > > I use self-signed certificates for my VPN. Now, I try to revoke a > crt. > I called: openssl ca -revoke edge.crt -config vpn.conf > But I get the error: > "ERROR:name does not match /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge > am/emailAddress=xxx" > > The header of the crt: > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 8 (0x8) > Signature Algorithm: md5WithRSAEncryption > Issuer: C=DE, ST=BY, L=yyy, O=xxx, OU=gate tun1, CN=gate > tun1/Email=xxx > Validity > Not Before: May 14 11:12:27 2010 GMT > Not After : May 11 11:12:27 2020 GMT > Subject: C=DE, ST=BY, O=xxx, OU=edge am, CN=edge > am/Email=xxx > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > > > The entry in index.txt: > V 200511111227Z 08 unknown > /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge am/Email=xxx > > > In my opinion, there is no error in crt or index.txt. Can anybody > help > me to find the error? > > Regards > > Daniel > > > -- > Daniel Spannbauer Software Entwicklung > marco Systemanalyse und Entwicklung GmbH Tel +49 8333 9233-27 > Fax -11 > Rechbergstr. 4 - 6, D 87727 Babenhausen Mobil +49 171 4033220 > http://www.marco.de/ Email d...@marco.de > Geschäftsführer Martin Reuter HRB 171775 Amtsgericht > München > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > majord...@openssl.org
Links: ------ [1] mailto:d...@marco.de
