From: Tomas G. <to...@pr...> - 2004-05-27 08:14:20
The state component in the DN has the abbreviation 'st', not 's'; that's why the unknown 's' is dropped.

The OCSPSignerCertificate is added only in the OCSP-certificate, but not in the CA-certificate. When creating a new CA, a CA-certificate is created and also an extra OCSP-certificate to be used if a dedicated OCSP-signer is to be used instead of the CA itself.

We don't use keytool to generate certificates; multiple components of the same type are perfectly alright.

Cheers,
Tomas

Ken Gunderson wrote:

>Greets:
>
>One thing I've noticed is that if one tries to use all 6 fields when
>specifying DN, one gets dropped, e.g.:
>
>./ca.sh init AdminCA "cn=AdminCA, ou=ca team, o=foo bar, l=someCity,
>s=someState,c=someCountry" blah, blah...
>
>The resulting key drops the "s" field and has two cn fields, e.g.:
>
>CN=OCSPSignerCertificate, CN=AdminCA, OU=ca team,......
>
>From man keytool re X.500 names:
>
>When supplying a distinguished name string as the value of a -dname
>option, as for the -genkey or -selfcert subcommands, the string must be
>in the following format:
>
>CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode
>
>Or am I missing something here??
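
A pre-flight check for the situation discussed in this thread, as an added example that is not part of either message and is not EJBCA code: it parses a DN string and reports attribute types a tool might silently drop, plus types that appear more than once. The set of known types is an assumption taken from RFC 4514, and the function names are hypothetical.

```python
# Added example: check a DN string before handing it to a CA tool.
import re

# Assumption: attribute short names listed in RFC 4514 section 3.
# The CA software's own accepted list may differ.
KNOWN_TYPES = {"CN", "L", "ST", "O", "OU", "C", "STREET", "DC", "UID"}

# Split on commas that are not escaped with a backslash.
# Simplification: double-quoted values are not handled.
_RDN_SPLIT = re.compile(r"(?<!\\),")


def parse_dn(dn):
    """Return a list of (type, value) pairs with the type upper-cased."""
    pairs = []
    for rdn in _RDN_SPLIT.split(dn):
        if not rdn.strip():
            continue
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError("component without '=': %r" % rdn.strip())
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def check_dn(dn):
    """Return (unknown_types, repeated_types) for the DN string.

    Unknown types are the ones at risk of being dropped. Repeated types
    are reported for information only; they are valid in a DN.
    """
    types = [t for t, _ in parse_dn(dn)]
    unknown = [t for t in types if t not in KNOWN_TYPES]
    repeated = sorted({t for t in types if types.count(t) > 1})
    return unknown, repeated


if __name__ == "__main__":
    # The DN from the quoted message, then the same DN using 'st'.
    posted = ("cn=AdminCA, ou=ca team, o=foo bar, l=someCity, "
              "s=someState,c=someCountry")
    fixed = posted.replace("s=someState", "st=someState")
    print(check_dn(posted))
    print(check_dn(fixed))
```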