Unable to create certificate request if O=Example, Inc.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

mallapadi niranjan wrote:
> Hi all
>
> I have Fedora Directory Server installed on F9 box 
> (fedora-ds-base-1.1.3-2.fc9.x86_64). Due to sum bug i guess , i am 
> unable to create the certificate request through  Console that is
> Directory Server->Manager Certificates-> Request -> Request 
> Certificate Manually.
>
> In the Server Name:dhcp7-92.example.com <http://dhcp7-92.example.com>
> Organization: Example, Inc.   
> City/Locality: Raleigh
> State/Province: North Carolina
> Country/Region: US United States
>
> Click on Show DN and i remove all the double quotes  and my DN looks 
> as below
>
> CN="dhcp7-92.example.com <http://dhcp7-92.example.com>, O=Example, 
> Inc., L=Raleigh, ST=North Carolina, C=US
>
> When i click on Next it says "Unable to convert DN to certificate name
>
> So i tried with certutil command.
> $cd /etc/dirsrv/slapd-dhcp7-92/
> $certutil -R -s "C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., 
> CN=dhcp7-92.example.com <http://dhcp7-92.example.com>" -o mycert.req -d .
>
> I got the below output
> certutil -s: improperly formatted name: "C=US, ST=North Carolina, 
> L=Raleigh, O=Example, Inc., CN=dhcp7-92.pnq.redhat.com 
> <http://dhcp7-92.pnq.redhat.com>"
>
> Now if i modify it as "certutil -R -s "C=US, ST=North Carolina, 
> L=Raleigh, O=Example, CN=dhcp7-92.pnq.redhat.com 
> <http://dhcp7-92.pnq.redhat.com>" -o mycert.req -d ."
> it works.
>
> The same with the console i.e  If Organization title is modified from 
> "Example, Inc. " to "Example"  it works.
>
> So the space and period symbol in (Example, Inc.) is an issue  ?
I think space and period are fine - you don't have a problem with them 
in other parts of your DN.  The problem is the comma ',' after Example - 
try escaping the comma e.g.
"C=US, ST=North Carolina, L=Raleigh, O=Example\\, 
Inc.,CN=dhcp7-92.pnq.redhat.com <http://dhcp7-92.pnq.redhat.com>"
Not sure about the correct escape syntax
>
> But this doesn't happen when i create certifcate requests with openssl 
> commands. 
Hmm - maybe openssl is smart enough to handle the comma?
>
> Regards
> Niranjan
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux