Just following up... Sean On 6/18/2016 10:43 AM, Sean Leonard wrote: > I am trying to create a multi-valued RDN with OpenSSL using a config > file and the openssl req -x509 command, without success. > > According to the 2006 thread "Multi-value RDNs and openssl.cnf format" > <http://openssl.6102.n7.nabble.com/Multi-value-RDNs-and-openssl-cnf-format-td7925.html>, > one is supposed to do this by prefixing the keys in the > distinguished_name section with "+" on subsequent entries to add to a > multi-valued RDN, such as: > > [distinguished_name] > ST = California > +L = Los Angeles > +postalCode=90013 > > Unfortunately, that (still) does not work. The error from openssl req > -x509 (etc.) is: > > problems making Certificate Request > 30008:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num > too large:.\crypto\asn1\a_object.c:109: > 30008:error:0B083077:x509 certificate > routines:X509_NAME_ENTRY_create_by_txt:invalid field > name:.\crypto\x509\x509name.c:285:name=+L > > > I was successful at making a multi-valued RDN with the -multivalue-rdn > and -subj options, but that is not as versatile/scriptable. Any ideas? > > Sean > > PS It looks like it may be related to the behavior in auto_info > (req.c) X509_NAME_add_entry_by_txt (x509name.c), in particular, the > relationship between the variables mval, type, and p in auto_info > (req.c). Could be a bug. > >
