CRL issuer does not match CA subject

Aram Akhavan aram.akhavan at asu.edu
Fri Mar 29 20:23:31 UTC 2019


Hello!

I'm creating a small PKI following the guide here: 
https://jamielinux.com/docs/openssl-certificate-authority

The intermediate CA cert is created with:
openssl ca -config $ROOT_CONF -extensions v3_intermediate_ca -days 3650 -notext -md sha256

If I then dump the cert, I see that the subject line is
Subject: C = us, ST = ca, O = test, CN = intermediate CA

I then create the CRL using:
openssl ca -config $INTRMDT_CONF -gencrl -out $INTRMDT_CRL

When I dump the CRL, though, the issuer is
Issuer: /C=us/ST=ca/O=test/CN=intermediate ca

When I put my certificate through 
https://certificate.revocationcheck.com/, it complains that the CRL 
issuer and intermediate CA subject don't match byte for byte.

Is there a way to have both generated with the same formatting? I looked 
through my configuration files and couldn't find anything that would 
explain the difference. I think it works anyways, but it would be nice 
to have them match...

Best regards,

Aram
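
An added example, not part of the original post and not OpenSSL code: a byte-for-byte comparison of two X.509 Names fails when any attribute differs in string type or in value, letter case included. The Python sketch below decodes two DER Names and reports which attribute differs and why; the Names are built from the values in the post, and their string types (PrintableString, UTF8String) are assumptions.

```python
# Added example; the Names below are constructed, not the poster's cert or CRL.
OID = {"C": b"\x55\x04\x06", "ST": b"\x55\x04\x08",
       "O": b"\x55\x04\x0a", "CN": b"\x55\x04\x03"}
OID_NAME = {v: k for k, v in OID.items()}
STR_TAG = {"PrintableString": 0x13, "UTF8String": 0x0C}  # assumed string types
TAG_NAME = {v: k for k, v in STR_TAG.items()}

def tlv(tag, body):  # short-form DER length only; the sample Names are small
    return bytes([tag, len(body)]) + body

def encode_name(attrs):  # [(attr, string type, value)] -> DER Name, one attr per RDN
    return tlv(0x30, b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, OID[k]) + tlv(STR_TAG[t], v.encode())))
        for k, t, v in attrs))

def read_tlv(buf, pos):
    """Return (tag, value bytes, offset of the next TLV)."""
    tag, length = buf[pos], buf[pos + 1]
    if length > 127:
        raise ValueError("long-form length not handled here")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def decode_name(der):
    """DER Name -> [(attr, string type, value)]; single-valued RDNs only."""
    _, body, _ = read_tlv(der, 0)
    out, pos = [], 0
    while pos < len(body):
        _, rdn, pos = read_tlv(body, pos)   # SET: one RDN
        _, atv, _ = read_tlv(rdn, 0)        # SEQUENCE { type, value }
        _, oid, nxt = read_tlv(atv, 0)
        tag, val, _ = read_tlv(atv, nxt)
        out.append((OID_NAME.get(oid, oid.hex()), TAG_NAME.get(tag, hex(tag)), val.decode()))
    return out

def explain_mismatch(subject_der, issuer_der):
    """[] if byte-identical, else [(attr, reasons)] per differing RDN."""
    if subject_der == issuer_der:
        return []
    a, b = decode_name(subject_der), decode_name(issuer_der)
    if len(a) != len(b):
        return [("Name", ["rdn-count"])]
    return [(k1, [r for r, hit in (
        ("attribute", k1 != k2), ("string-type", t1 != t2),
        ("case", v1 != v2 and v1.lower() == v2.lower()),
        ("value", v1.lower() != v2.lower())) if hit])
        for (k1, t1, v1), (k2, t2, v2) in zip(a, b) if (k1, t1, v1) != (k2, t2, v2)]

BASE = [("C", "PrintableString", "us"), ("ST", "UTF8String", "ca"), ("O", "UTF8String", "test")]
SUBJECT = encode_name(BASE + [("CN", "UTF8String", "intermediate CA")])
ISSUER = encode_name(BASE + [("CN", "UTF8String", "intermediate ca")])
print(explain_mismatch(SUBJECT, ISSUER))
```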
