<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello!</p>
<p>I'm creating a small PKI following the guide here:
<a class="moz-txt-link-freetext" href="https://jamielinux.com/docs/openssl-certificate-authority">https://jamielinux.com/docs/openssl-certificate-authority</a></p>
<p>The intermediate CA cert is created with:<br>
<i>openssl ca -config $ROOT_CONF -extensions v3_intermediate_ca </i><i>-days
3650 -notext -md sha256</i><br>
</p>
<p>If I then dump the cert, I see that the subject line is<br>
<i>Subject: C = us, ST = ca, O = test, CN = intermediate CA</i></p>
<p>I then create the CRL using:<br>
<i>openssl ca -config $INTRMDT_CONF </i><i>-gencrl -out $INTRMDT_CRL</i></p>
<p>When I dump the CRL, though, the issuer is<br>
<i>Issuer: /C=us/ST=ca/O=test/CN=intermediate ca</i></p>
<p>When I put my certificate through
<a class="moz-txt-link-freetext" href="https://certificate.revocationcheck.com/">https://certificate.revocationcheck.com/</a>, it complains that the
CRL issuer and intermediate CA subject don't match byte for byte.</p>
<p>Is there a way to have both generated with the same formatting? I
looked through my configuration files and couldn't find anything
that would explain the difference. I think it works anyways, but
it would be nice to have them match...</p>
<p>Best regards,</p>
<p>Aram<br>
</p>
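<p>An added example, not part of the original message: a byte-level comparison of two DER-encoded Names, showing how a certificate subject and a CRL issuer that look alike in a text dump can still differ in case or in ASN.1 string type. The sample Names are constructed from the values quoted above, and their string types and all function names are assumptions.</p>

```python
# Added example. Sample Names are constructed; their string types are assumptions.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}
OIDS = {b"\x55\x04\x06": "C", b"\x55\x04\x08": "ST",
        b"\x55\x04\x0a": "O", b"\x55\x04\x03": "CN"}

def tlv(tag, body):
    """Encode one DER TLV; short-form length only, enough for the samples."""
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); handles short and long length forms."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_name(der):
    """Return [(attribute, string_type, raw_value), ...] for a DER Name."""
    out, i = [], 0
    _, rdns, _ = read_tlv(der, 0)              # Name ::= SEQUENCE OF RDN
    while i < len(rdns):
        _, rdn, i = read_tlv(rdns, i)          # RDN ::= SET OF AttributeTypeAndValue
        j = 0
        while j < len(rdn):
            _, atv, j = read_tlv(rdn, j)
            _, oid, k = read_tlv(atv, 0)
            vtag, val, _ = read_tlv(atv, k)
            out.append((OIDS.get(oid, oid.hex()), STRING_TAGS.get(vtag, hex(vtag)), val))
    return out

def build_name(attrs):
    """Constructed-sample helper: (attribute, string_tag, text) -> DER Name."""
    rev = {v: k for k, v in OIDS.items()}
    return tlv(0x30, b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, rev[a]) + tlv(t, s.encode())))
        for a, t, s in attrs))

def diff_names(subject_der, issuer_der):
    """Attributes whose encoding differs; [] means the Names match."""
    a, b = parse_name(subject_der), parse_name(issuer_der)
    if len(a) != len(b):
        return [("attribute count", len(a), len(b))]
    return [(x[0], x[1:], y[1:]) for x, y in zip(a, b) if x != y]

BASE = [("C", 0x13, "us"), ("ST", 0x0C, "ca"), ("O", 0x0C, "test")]
SUBJECT = build_name(BASE + [("CN", 0x0C, "intermediate CA")])
ISSUER_CASE = build_name(BASE + [("CN", 0x0C, "intermediate ca")])   # case differs
ISSUER_TYPE = build_name(BASE + [("CN", 0x13, "intermediate CA")])   # string type differs
```

<p>For real files, the DER Name bytes can be obtained with the pyca/cryptography package as <i>cert.subject.public_bytes()</i> and <i>crl.issuer.public_bytes()</i> and passed to <i>diff_names</i>.</p>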
</body>
</html>