UID in subj args - bug?

Robert Moskowitz rgm at htt-consult.com
Thu Jul 6 15:45:57 UTC 2023


I think there is a bug....

I can provide the CSR and cert both in pem.

the CSR has:

Certificate Request:
     Data:
         Version: 1 (0x0)
         Subject: C = US, ST = MI, L = Oak Park, O = HTT Consulting, UID = rgm

the cert that gets created has:

Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
             da:fb:ba:e6:b5:51:e7:15
         Signature Algorithm: ED25519
         Issuer: C = US, ST = MI, L = Oak Park, O = HTT Consulting, CN = Signing CA
         Validity
             Not Before: Aug  1 00:00:00 2023 GMT
             Not After : Jul 31 00:00:00 2024 GMT
         Subject: C = US, ST = MI, L = Oak Park, O = HTT Consulting


UID gets cut in the cert.  I picked up the UID DN type from somewhere 
back some years ago in ver 1.0.9, I think.

Is it supported or not?

And what about Initials?  How is that put into the subject?


On 7/5/23 15:50, Robert Moskowitz wrote:
> I had picked up UID as a valid type in subj.  I see it in:
>
> https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
>
> But when I have
>
> echo $DN
> /C=US/ST=MI/L=Oak Park/O=HTT Consulting/UID=rgm
>
> with -subj "$DN" my csr has:
>
>         Subject: C = US, ST = MI, L = Oak Park, O = HTT Consulting, UID = rgm
>
> but the openssl ca command to make the certificate throws this back at 
> me with:
>
> ERROR:There is already a certificate for /C=US/ST=MI/L=Oak Park/O=HTT Consulting
> The matching entry has the following details
> Type          :Valid
> Expires on    :240731000000Z
> Serial Number :6466A0D0B4ED8144
> File name     :unknown
> Subject Name  :/C=US/ST=MI/L=Oak Park/O=HTT Consulting
>
> And that cert does NOT have UID.
>
> It seems to be dropping the UID element?
>
> Also I see that "initials" is a valid type for subj.  But I cannot 
> find any example. Do I have
>
> /initials=rgm
>
> ?
>
> thanks
>
>
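
The openssl ca manual page states that subject fields not named in the selected policy section are silently deleted from the issued certificate, which produces the symptom reported above. The following is an added example, not part of the original post: it signs the post's subject under a policy without userId and under one that lists it, then reports which CSR attributes did not reach the certificate. The directory layout, the section names pol_strict and pol_keepuid, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post; all file and section names are constructed.
# Print a CSR or certificate subject as one "type=value" line per attribute.
subject_rdns() {  # $1 = req | x509, $2 = PEM file
  openssl "$1" -in "$2" -noout -subject -nameopt multiline |
    sed -n 's/^  *\([A-Za-z0-9.]*\) *= /\1=/p'
}
# List attributes that are in the CSR subject but not in the certificate.
dropped_rdns() {  # $1 = CSR, $2 = certificate
  cert_rdns=$(subject_rdns x509 "$2")
  subject_rdns req "$1" | while IFS= read -r rdn; do
    printf '%s\n' "$cert_rdns" | grep -qxF -- "$rdn" || printf '%s\n' "$rdn"
  done
}

# Throwaway CA in directory $1: signs one CSR (the subject from the post) under
# a policy without userId (strict.pem) and under one that lists it (keepuid.pem).
make_demo() {
  d=$1; mkdir -p "$d/new"; : > "$d/index.txt"; echo 01 > "$d/serial"
  base='countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional'
  cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = demo
[ demo ]
database = $d/index.txt
serial = $d/serial
new_certs_dir = $d/new
certificate = $d/ca.pem
private_key = $d/ca.key
default_md = sha256
default_days = 30
[ pol_strict ]
$base
[ pol_keepuid ]
$base
userId = optional
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -keyout "$d/ca.key" \
    -out "$d/ca.pem" -subj "/C=US/O=HTT Consulting/CN=Signing CA" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/req.key" -out "$d/req.csr" \
    -subj "/C=US/ST=MI/L=Oak Park/O=HTT Consulting/UID=rgm" 2>/dev/null
  for p in strict keepuid; do
    openssl ca -batch -notext -config "$d/ca.cnf" -policy "pol_$p" \
      -in "$d/req.csr" -out "$d/$p.pem" >/dev/null 2>&1
  done
}
```

Run make_demo on an empty scratch directory, then call dropped_rdns with req.csr against strict.pem and against keepuid.pem. A non-empty result means the CA issued a certificate whose subject no longer distinguishes requesters that differ only in the dropped attribute, which is also what leads to the "There is already a certificate" collision quoted above.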



More information about the openssl-users mailing list