I think there is a bug....
I can provide the CSR and cert both in pem.
the CSR has:
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = US, ST = MI, L = Oak Park, O = HTT Consulting, UID
= rgm
the cert that gets created has:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
da:fb:ba:e6:b5:51:e7:15
Signature Algorithm: ED25519
Issuer: C = US, ST = MI, L = Oak Park, O = HTT Consulting, CN =
Signing CA
Validity
Not Before: Aug 1 00:00:00 2023 GMT
Not After : Jul 31 00:00:00 2024 GMT
Subject: C = US, ST = MI, L = Oak Park, O = HTT Consulting
UID gets cut in the cert. I picked up the UID DN type from somewhere
back some years ago in ver 1.0.9, I think.
Is it supported or not?
And what about Initials? How is that put into the subject?
On 7/5/23 15:50, Robert Moskowitz wrote:
I had picked up UID as a valid type in subj. I see it in:
https://www.openssl.org/docs/man1.0.2/man1/openssl-req.html
But when I have
echo $DN
/C=US/ST=MI/L=Oak Park/O=HTT Consulting/UID=rgm
with -subj "$DN" my csr has:
Subject: C = US, ST = MI, L = Oak Park, O = HTT Consulting,
UID = rgm
but the openssl ca command to make the certificate throws this back at
me with:
ERROR:There is already a certificate for /C=US/ST=MI/L=Oak Park/O=HTT
Consulting
The matching entry has the following details
Type :Valid
Expires on :240731000000Z
Serial Number :6466A0D0B4ED8144
File name :unknown
Subject Name :/C=US/ST=MI/L=Oak Park/O=HTT Consulting
And that cert does NOT have UID.
It seems to be dropping the UID element?
Also I see that "initials" is a valid type for subj. But I cannot
find any example. Do I have
/initials=rgm
?
thanks
