CN (Common Name) not being created in certificate.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

CN (Common Name) not being created in certificate.

Sanjay Vivek
Hi all,

I've been attempting to create a certificate but for some strange reason,
the CN (Common Name) attribute isn't being created. When I use the "openssl
x509 -text -in reto.crt", I find that the CN attribute isn't there as shown
below. I've been tweaking with the openssl.conf file but to no avail. Am I
missing out on something here? Any sort of help would be greatly
appreciated. Cheers!

C:\ssl>openssl x509 -text -in reto.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1970 (0x7b2)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Wisconsin, L=Madison, O=University of Wisconsin,
OU=Division of Information Technology, CN=HEPKI Server CA -- 20020701A
        Validity
            Not Before: Mar 13 13:05:16 2006 GMT
            Not After : Apr 22 13:05:16 2010 GMT
        Subject: C=GB, ST=London, O=Kings College

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: CN (Common Name) not being created in certificate.

Dr. Stephen Henson
On Wed, Mar 15, 2006, Sanjay Vivek wrote:

> Hi all,
>
> I've been attempting to create a certificate but for some strange reason,
> the CN (Common Name) attribute isn't being created. When I use the "openssl
> x509 -text -in reto.crt", I find that the CN attribute isn't there as shown
> below. I've been tweaking with the openssl.conf file but to no avail. Am I
> missing out on something here? Any sort of help would be greatly
> appreciated. Cheers!
>
> C:\ssl>openssl x509 -text -in reto.crt
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1970 (0x7b2)
>         Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=US, ST=Wisconsin, L=Madison, O=University of Wisconsin,
> OU=Division of Information Technology, CN=HEPKI Server CA -- 20020701A
>         Validity
>             Not Before: Mar 13 13:05:16 2006 GMT
>             Not After : Apr 22 13:05:16 2010 GMT
>         Subject: C=GB, ST=London, O=Kings College
>

Depends on the command you've used to create the certificate. If you've signed
a certificate request then first check to see that CN is in the request. If it
is then check the 'policy' section to see if it is present.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: CN (Common Name) not being created in certificate.

Sanjay Vivek
Hi there,

How do I go about checking if the CN is in the certificate request (.csr)
file? I'm a total newbie in this as you can probably tell! I used the
"openssl req -new -key reto.key -out reto.csr" command to create the .csr
file and it appears to be the standard command to  create a certificate
request file.  Thanks again for your help.

Sanjay

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]]On Behalf Of Dr. Stephen Henson
Sent: 15 March 2006 15:51
To: [hidden email]
Subject: Re: CN (Common Name) not being created in certificate.


On Wed, Mar 15, 2006, Sanjay Vivek wrote:

> Hi all,
>
> I've been attempting to create a certificate but for some strange reason,
> the CN (Common Name) attribute isn't being created. When I use the
"openssl
> x509 -text -in reto.crt", I find that the CN attribute isn't there as
shown

> below. I've been tweaking with the openssl.conf file but to no avail. Am I
> missing out on something here? Any sort of help would be greatly
> appreciated. Cheers!
>
> C:\ssl>openssl x509 -text -in reto.crt
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1970 (0x7b2)
>         Signature Algorithm: md5WithRSAEncryption
>         Issuer: C=US, ST=Wisconsin, L=Madison, O=University of Wisconsin,
> OU=Division of Information Technology, CN=HEPKI Server CA -- 20020701A
>         Validity
>             Not Before: Mar 13 13:05:16 2006 GMT
>             Not After : Apr 22 13:05:16 2010 GMT
>         Subject: C=GB, ST=London, O=Kings College
>

Depends on the command you've used to create the certificate. If you've
signed
a certificate request then first check to see that CN is in the request. If
it
is then check the 'policy' section to see if it is present.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: CN (Common Name) not being created in certificate.

Dr. Stephen Henson
On Thu, Mar 16, 2006, Sanjay Vivek wrote:

> Hi there,
>
> How do I go about checking if the CN is in the certificate request (.csr)
> file? I'm a total newbie in this as you can probably tell! I used the
> "openssl req -new -key reto.key -out reto.csr" command to create the .csr
> file and it appears to be the standard command to  create a certificate
> request file.  Thanks again for your help.
>

openssl req -in reto.csr -noout -subject -nameopt multiline

should make it clear.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]