I have only used self-signed certs, so I am trying to create a CA-signed
one; please have patience with a newbie, and maybe my understanding of CA
signing is wrong. I want this CA-signed cert to have a different
Organization name.

I create a signing key cacert.pem and a private key cakey.pem for ten
years, using myconfig.cnf.

openssl req -new -out sign.csr -keyout sign.key -batch -passout pass:password -config myconfig.cnf -newkey rsa:2048

openssl req -new -x509 -days 3650 -extensions v3_ca -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -config myconfig.cnf -batch -passout pass:password

The myconfig.cnf has some dummy information such as Redpath Corporation

[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = AU
countryName_min             = 2
countryName_max             = 2
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName                = Locality Name (eg, city)
0.organizationName          = Organization Name (eg, company)
0.organizationName_default  = Redpath Corporation
organizationalUnitName      = Organizational Unit Name (eg, section)
commonName                  = Common Name (eg, YOUR name)


My CA signing is ready to be used.


I then want to create a cert which is signed by this CA signing for
an SSL certificate, let's say for some company called Other Corporation.

Using myother.cnf, a different configuration file.

I use a different config file
[ req_distinguished_name ]
countryName                 = Country Name (2 letter code)
countryName_default         = AU
countryName_min             = 2
countryName_max             = 2
stateOrProvinceName         = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName                = Locality Name (eg, city)
0.organizationName          = Organization Name (eg, company)
0.organizationName_default  = Other Corporation
organizationalUnitName      = Organizational Unit Name (eg, section)
commonName                  = Common Name (eg, YOUR name)

The openssl commands are:

openssl genrsa -out myrsa.pem 2048

openssl req -new -out rsapub.csr -days 731 -keyout myrsa.key -batch -extensions v3_OCSP -config myother.cnf -passin pass:password

openssl ca -out rsapub.crt.x509 -in rsapub.csr -passin pass:password -config myother.cnf -batch -cert ./demoCA/cacert.pem

and I get this error:

openssl ca -out rsapub.crt.x509 -in rsapub.csr -passin pass:password -config myother.cnf -batch -cert ./demoCA/cacert.pem
Using configuration from myother.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'AU'
stateOrProvinceName   :PRINTABLE:'Some-State'
organizationName      :PRINTABLE:'Other Corporation'
The organizationName field needed to be the same in the
CA certificate (Redpath Corporation) and the request (Other Corporation)


I have no issues using the same config file with the same organization name.
Maybe my understanding of CA signing is wrong.







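Added example, not part of the original message: the error above comes from the policy section that "openssl ca" applies to each request's subject. The fragment below is constructed; the names CA_default, policy_match and policy_anything follow the stock openssl.cnf and are an assumption about what myother.cnf contains, and policy_other_org is a hypothetical name introduced here.

```ini
# Constructed fragment for the CA side of myother.cnf (assumed layout).
[ ca ]
default_ca              = CA_default

[ CA_default ]
# Rule set "openssl ca" checks every request subject against.
# With policy_match selected, the request above is rejected.
policy                  = policy_match

# Strict: fields marked "match" must equal the same field in the
# CA certificate. "Other Corporation" != "Redpath Corporation".
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# Relaxed: the CA signs a subject with any organizationName.
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional

# Middle ground (hypothetical section): an organizationName must be
# present in the request but may differ from the CA's own.
[ policy_other_org ]
countryName             = match
stateOrProvinceName     = optional
organizationName        = supplied
commonName              = supplied

# Value meanings:
#   match    = must be present and equal to the CA certificate's value
#   supplied = must be present in the request
#   optional = may be present
# Fields not listed in the chosen policy are dropped from the issued
# certificate unless -preserveDN is given.
# The subject printed above has no commonName, so any policy with
# "commonName = supplied" would reject it on that field next.
```

A policy is selected either with "policy = ..." in the CA section or per invocation with "openssl ca -policy policy_anything". Relaxing organizationName lets this CA issue for any organization name, so the strict section is the safer default where the CA should only sign for its own organization.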