That I saw.
What I am looking for is a listing of the DN types allowed. Full names
and abbreviations.
https://www.openssl.org/docs/man3.0/man5/x509v3_config.html
Does not provide such a listing nor pointer to such.
On 7/6/23 12:26, Viktor Dukhovni wrote:
On Thu, Jul 06, 2023 at 12:07:00PM -0400, Robert Moskowitz wrote:
And why I just hit it with serialNumber....
I am not finding a listing of these field types in the docs. Can you
give me a pointer?
>From the ca(1) manpage:
POLICY FORMAT
The policy section consists of a set of variables corresponding to
certificate DN fields. If the value is "match" then the field value
must match the same field in the CA certificate. If the value is
"supplied" then it must be present. If the value is "optional" then
it may be present. Any fields not mentioned in the policy section
are silently deleted, unless the -preserveDN option is set but this
can be regarded more of a quirk than intended behaviour.
