UID in subj args - bug?

Viktor Dukhovni openssl-users at dukhovni.org
Thu Jul 6 15:51:35 UTC 2023


On Thu, Jul 06, 2023 at 11:45:57AM -0400, Robert Moskowitz wrote:

> I think there is a bug....
> 
> I can provide the CSR and cert both in pem.

More likely your CA config file does not specify what to do with UID RDNs
when signing CSRs.  The default config file has:

    # A few difference way of specifying how similar the request should look
    # For type CA, the listed attributes must be the same, and the optional
    # and supplied fields are just that :-)
    policy          = policy_match

    # For the CA policy
    [ policy_match ]
    countryName             = match
    stateOrProvinceName     = match
    organizationName        = match
    organizationalUnitName  = optional
    commonName              = supplied
    emailAddress            = optional

    # For the 'anything' policy
    # At this point in time, you must list all acceptable 'object'
    # types.
    [ policy_anything ]
    countryName             = optional
    stateOrProvinceName     = optional
    localityName            = optional
    organizationName        = optional
    organizationalUnitName  = optional
    commonName              = supplied
    emailAddress            = optional

No mention of UIDs there.

-- 
    Viktor.
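
An added example, not part of the message above or of OpenSSL: a simplified Python model of how `openssl ca` applies a policy section, showing which CSR subject attributes a given policy would carry into the certificate. It assumes signing without `-preserveDN`, where subject fields the policy does not list are dropped; the function names, the abridged `policy_anything` and the CSR subject are constructed for illustration.

```python
# Simplified model of how `openssl ca` applies a policy section (added example).
# Assumption: run without -preserveDN, so subject fields the policy does not
# list are dropped. All sample values below are constructed.
# OpenSSL short name -> long name for the attributes used here.
ALIASES = {"C": "countryName", "ST": "stateOrProvinceName", "L": "localityName",
           "O": "organizationName", "OU": "organizationalUnitName",
           "CN": "commonName", "UID": "userId"}

def canon(name):
    return ALIASES.get(name, name)

def parse_policy(text):
    """Parse the 'field = rule' lines of one policy section, keeping order."""
    policy = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue  # blank line, comment or [section] header
        field, rule = (part.strip() for part in line.split("=", 1))
        policy[canon(field)] = rule
    return policy

def apply_policy(policy, csr_subject, ca_subject=()):
    """Return (issued, dropped, errors); subjects are (name, value) lists."""
    csr = [(canon(n), v) for n, v in csr_subject]
    ca = {canon(n): v for n, v in ca_subject}
    issued, errors = [], []
    for field, rule in policy.items():
        values = [v for n, v in csr if n == field]
        if rule in ("match", "supplied") and not values:
            errors.append(f"{field}: required by policy, missing from CSR")
        elif rule == "match" and any(v != ca.get(field) for v in values):
            errors.append(f"{field}: differs from the CA subject")
        issued += [(field, v) for v in values]
    dropped = [(n, v) for n, v in csr if n not in policy]
    return issued, dropped, errors

POLICY_ANYTHING = """
[ policy_anything ]
organizationName        = optional
commonName              = supplied
emailAddress            = optional
"""
CSR_SUBJECT = [("CN", "device-01"), ("UID", "sensor-7f3a")]  # constructed

if __name__ == "__main__":
    print(apply_policy(parse_policy(POLICY_ANYTHING), CSR_SUBJECT))
    fixed = parse_policy(POLICY_ANYTHING + "userId = optional\n")
    print(apply_policy(fixed, CSR_SUBJECT))
```

A non-empty `errors` list models a request the CA would refuse to sign; a non-empty `dropped` list is the case discussed in this thread.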

