From eb5792da8cf8f9511d95d1de40a969190d5303e5 Mon Sep 17 00:00:00 2001 From: Someone Date: Thu, 5 Feb 2015 03:34:04 +0100 Subject: [PATCH] Better eMail-Address handling. --- certgen.data.example | 13 ++++++++----- openssl.cnf | 2 +- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/certgen.data.example b/certgen.data.example index 626551d..9c14e38 100644 --- a/certgen.data.example +++ b/certgen.data.example @@ -4,18 +4,21 @@ # CRT: selfsign the new cert # CST: create a csr only. +# For some strange reason the subject line has to start with /emailAddress=... +# Otherwise some weird stuff happens - good job, openssl folks :/ + # For failing services ;) -CRT localhost /OU=CertGen/O=YouFailed;)/emailAddress=contact@somenet.org/ +CRT localhost /emailAddress=root@localhost/OU=CertGen/O=YouFailed;)/ # Setup a CA-system -CA SomeNet /OU=CertGenCA/O=somenet.org/emailAddress=contact@somenet.org/CN=SomeNet/ +CA SomeNet /emailAddress=contact@somenet.org/OU=CertGenCA/O=somenet.org/CN=SomeNet/ # ircd -SGN irc.somenet.org /OU=CertGen/O=somenet.org/emailAddress=contact@somenet.org/ a.irc.somenet.org +SGN irc.somenet.org /emailAddress=contact@somenet.org/OU=CertGen/O=somenet.org/ a.irc.somenet.org # apache stuff -SGN www.somenet.org /OU=CertGen/O=somenet.org/emailAddress=contact@somenet.org/ somenet.org,irc2go.somenet.org +SGN www.somenet.org /emailAddress=contact@somenet.org/OU=CertGen/O=somenet.org/ somenet.org,irc2go.somenet.org # we have xmpp too :/ -CSR xmpp.somenet.org /OU=CertGen/O=somenet.org/emailAddress=contact@somenet.org/ conference.xmpp.somenet.org +CSR xmpp.somenet.org /emailAddress=contact@somenet.org/OU=CertGen/O=somenet.org/ conference.xmpp.somenet.org diff --git a/openssl.cnf b/openssl.cnf index 22f4eb8..df50e6b 100644 --- a/openssl.cnf +++ b/openssl.cnf @@ -14,7 +14,7 @@ default_crl_days = 365 # how long before next CRL default_md = sha512 # use public key default MD preserve = no # keep passed DN ordering -email_in_dn = no # Don't concat the email in the DN +email_in_dn = yes # Don't concat the email in the DN copy_extensions = copyall # Required to copy SANs from CSR to cert name_opt = ca_default # Subject Name options cert_opt = ca_default # Certificate field options -- 2.43.0