UID in subj args - bug?
Robert Moskowitz
rgm at htt-consult.com
Thu Jul 6 16:07:00 UTC 2023
AH!!!
And why I just hit it with serialNumber....
I am not finding a listing of these field types in the docs. Can you
give me a pointer?
On 7/6/23 11:51, Viktor Dukhovni wrote:
> On Thu, Jul 06, 2023 at 11:45:57AM -0400, Robert Moskowitz wrote:
>
>> I think there is a bug....
>>
>> I can provide the CSR and cert both in pem.
> More likely your CA config file does not specify what do with UID RDNs
> when signing CSRs. The default config file has:
>
> # A few difference way of specifying how similar the request should look
> # For type CA, the listed attributes must be the same, and the optional
> # and supplied fields are just that :-)
> policy = policy_match
>
> # For the CA policy
> [ policy_match ]
> countryName = match
> stateOrProvinceName = match
> organizationName = match
> organizationalUnitName = optional
> commonName = supplied
> emailAddress = optional
>
> # For the 'anything' policy # At this point in time, you must list all acceptable 'object'
> # types.
> [ policy_anything ]
> countryName = optional
> stateOrProvinceName = optional
> localityName = optional
> organizationName = optional
> organizationalUnitName = optional
> commonName = supplied
> emailAddress = optional
>
> No mention of UIDs there.
>
More information about the openssl-users
mailing list