CRL issuer does not match CA subject

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

CRL issuer does not match CA subject

Aram Akhavan

Hello!

I'm creating a small PKI following the guide here: https://jamielinux.com/docs/openssl-certificate-authority

The intermediate CA cert is created with:
openssl ca -config $ROOT_CONF -extensions v3_intermediate_ca -days 3650 -notext -md sha256

If I then dump the cert, I see that subject line is
Subject: C = us, ST = ca, O = test, CN = intermediate CA

I then create the CRL using:
openssl ca -config $INTRMDT_CONF -gencrl -out  $INTRMDT_CRL

When I dump the CRL, though, the issuer is
Issuer: /C=us/ST=ca/O=test/CN=intermediate ca

When I put my certificate through https://certificate.revocationcheck.com/, it complains that the CRL issuer and intermediate CA subject don't match byte for byte.

Is there a way to have both generated with the same formatting? I looked through my configuration files and couldn't find anything that would explain the difference. I think it works anyways, but it would be nice to have them match...

Best regards,

Aram