Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

OpenSSL won't sign my certificates [SOLVED]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Napalm Llama
Guru
Guru


Joined: 04 Jun 2005
Posts: 533
Location: Cardiff, UK
PostPosted: Sun Jan 01, 2012 8:33 pm    Post subject: OpenSSL won't sign my certificates [SOLVED] Reply with quote
I run a small private CA to do some internal authentication stuff on my network, but it seems to have stopped accepting certificate requests:
Code:
muttley ca # openssl version
OpenSSL 1.0.0d 8 Feb 2011
muttley ca # openssl ca -config openssl.cnf -infiles certreqs/spligmobile-csr.pem
Using configuration from openssl.cnf
Enter pass phrase for /root/ca/private/splignet-key.pem:
Check that the request matches the signature
Signature ok
The organizationName field needed to be the same in the
CA certificate (SpligNet) and the request (SpligNet)
muttley ca #

It's comparing two identical strings, and exiting with an error because it thinks they're different. I've tried searching for this, but the only advice out there seems to be "turn off the check," which seems like a horrible workaround to me. I'd rather have the check in place and functioning correctly.

Does anybody have any ideas what could be causing the issue?

Cheers :)
_________________
Ryzen 5600x; Asus TUF Gaming B550-Plus; Geforce 1660 Super
Registered Linux User #381314
# killall humans

Last edited by Napalm Llama on Tue Jan 03, 2012 8:27 pm; edited 1 time in total
Back to top
View user's profile Send private message
gerdesj
l33t
l33t


Joined: 29 Sep 2005
Posts: 621
Location: Yeovil, Somerset, UK
PostPosted: Mon Jan 02, 2012 3:45 pm    Post subject: Re: OpenSSL won't sign my certificates Reply with quote
I found this: http://comments.gmane.org/gmane.comp.encryption.openssl.user/42865

It seems to imply that although the two strings appear identical, they are of different types PrintableString or UTF8String.

Without doing more research, I would conjecture that you created your CA cert with an older version of OpenSSL that made that field of type PrintableString. The new version creates cert reqs with that field set to UTF8String.

See if there is an option to set the string type for the various fields.

Cheers
Jon
Back to top
View user's profile Send private message
Napalm Llama
Guru
Guru


Joined: 04 Jun 2005
Posts: 533
Location: Cardiff, UK
PostPosted: Tue Jan 03, 2012 8:26 pm    Post subject: Reply with quote
Thanks, that did the trick :)
_________________
Ryzen 5600x; Asus TUF Gaming B550-Plus; Geforce 1660 Super
Registered Linux User #381314
# killall humans
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy