On 05.08.2013, at 21:52, redpath wrote: > openssl ca -out rsapub.crt.x509 -in rsapub.csr -passin pass:password -config > myother.cnf -batch -cert ./demoCA/cacert.pem > * > > and I get this error > > *openssl ca -out rsapub.crt.x509 -in rsapub.csr -passin pass:password > -config myother.cnf -batch -cert ./demoCA/cacert.pem * > Using configuration from myother.cnf > Check that the request matches the signature > Signature ok > The Subject's Distinguished Name is as follows > countryName :PRINTABLE:'AU' > stateOrProvinceName :PRINTABLE:'Some-State' > organizationName :PRINTABLE:'Other Corporation' > The organizationName field needed to be the same in the > *CA certificate (Redpath Corporation) and the request (Other Corporation)* > > > I have no issues using the same config file with same organization name. > Maybe my understanding the CA signing is wrong.
I suggest to NOT base your experiments on the default config file (openssl.cnf) as it contains all kinds of confusing cruft. In this case, the naming policy of your CA restricts the value of the organizationName DN component. In the CA section find the policy=<section_name> entry. Then in the policy section change organizationName=match to organizationName=supplied. HTH, Stefan -- Stefan H. Holek ste...@epy.co.at http://pki-tutorial.readthedocs.org | http://pgpdump.net ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
