[openssl-users] Bug 1.0.1f - selfsign ignores email_in_dn setting

Ben Humpert ben at an3k.de
Fri Jun 19 14:24:52 UTC 2015

When the CSR contains an email address and the email_in_dn setting in
the config file is set to "no" the email address is actually present
in the issuer DN but not in the subject DN. This causes errors when
verifying certificate chains since the subject hash is used to
identify a cert but the issuer hash is different.

A dirty workaround is to 1) link the subject hash to the cert file and
additionally 2) link the issuer hash to the same cert file

More information about the openssl-users mailing list