Creating multi-valued RDN with config (still not working)

Creating multi-valued RDN with config (still not working)

Sean Leonard-5
I am trying to create a multi-valued RDN with OpenSSL using a config
file and the openssl req -x509 command, without success.

According to the 2006 thread "Multi-value RDNs and openssl.cnf format"
<http://openssl.6102.n7.nabble.com/Multi-value-RDNs-and-openssl-cnf-format-td7925.html>,
one is supposed to do this by prefixing the keys in the
distinguished_name section with "+" on subsequent entries to add to a
multi-valued RDN, such as:

[distinguished_name]
ST = California
+L = Los Angeles
+postalCode=90013

Unfortunately, that (still) does not work. The error from openssl req
-x509 (etc.) is:

problems making Certificate Request
30008:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num
too large:.\crypto\asn1\a_object.c:109:
30008:error:0B083077:x509 certificate
routines:X509_NAME_ENTRY_create_by_txt:invalid field
name:.\crypto\x509\x509name.c:285:name=+L


I was successful at making a multi-valued RDN with the -multivalue-rdn
and -subj options, but that is not as versatile/scriptable. Any ideas?

Sean

PS It looks like it may be related to the behavior in auto_info (req.c)
X509_NAME_add_entry_by_txt (x509name.c), in particular, the relationship
between the variables mval, type, and p in auto_info (req.c). Could be a
bug.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
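
The -subj and -multivalue-rdn route that the post reports as working, as an added example that is not part of the original thread. File names, the CN value and the two helper function names are constructed here, and an openssl binary on PATH is assumed.

```sh
#!/bin/sh
# Create a self-signed certificate whose subject contains one multi-valued
# RDN (ST + L + postalCode), then confirm the RDN really is multi-valued.
# Output file names and the CN value are constructed for this example.

make_mv_cert() {
    # $1 = directory that receives key.pem and cert.pem
    # Inside -subj, "/" starts a new RDN and "+" adds another attribute
    # to the current RDN when -multivalue-rdn is given.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -multivalue-rdn \
        -subj "/CN=example.test/ST=California+L=Los Angeles+postalCode=90013" \
        2>/dev/null
}

has_multivalued_rdn() {
    # $1 = certificate file
    # RFC 2253 output joins the attributes of one RDN with "+" and escapes
    # a literal plus sign inside a value as "\+". Dropping every escaped
    # character first leaves only the structural "+" separators.
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/\\.//g' | grep -q '+'
}

dir=$(mktemp -d)
if make_mv_cert "$dir" && has_multivalued_rdn "$dir/cert.pem"; then
    echo "subject contains a multi-valued RDN:"
    openssl x509 -in "$dir/cert.pem" -noout -subject -nameopt RFC2253
else
    echo "no multi-valued RDN found (the '+' was stored as literal text or req failed)"
fi
rm -rf "$dir"
```

Checking the RFC 2253 rendering matters because a "+" that was not parsed as a separator ends up inside a single attribute value and is printed escaped, which the check treats as a failure.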

Re: Creating multi-valued RDN with config (still not working)

Sean Leonard-5
Just following up...

Sean

On 6/18/2016 10:43 AM, Sean Leonard wrote:

> I am trying to create a multi-valued RDN with OpenSSL using a config
> file and the openssl req -x509 command, without success.
>
> According to the 2006 thread "Multi-value RDNs and openssl.cnf format"
> <http://openssl.6102.n7.nabble.com/Multi-value-RDNs-and-openssl-cnf-format-td7925.html>,
> one is supposed to do this by prefixing the keys in the
> distinguished_name section with "+" on subsequent entries to add to a
> multi-valued RDN, such as:
>
> [distinguished_name]
> ST = California
> +L = Los Angeles
> +postalCode=90013
>
> Unfortunately, that (still) does not work. The error from openssl req
> -x509 (etc.) is:
>
> problems making Certificate Request
> 30008:error:0D06407A:asn1 encoding routines:a2d_ASN1_OBJECT:first num
> too large:.\crypto\asn1\a_object.c:109:
> 30008:error:0B083077:x509 certificate
> routines:X509_NAME_ENTRY_create_by_txt:invalid field
> name:.\crypto\x509\x509name.c:285:name=+L
>
>
> I was successful at making a multi-valued RDN with the -multivalue-rdn
> and -subj options, but that is not as versatile/scriptable. Any ideas?
>
> Sean
>
> PS It looks like it may be related to the behavior in auto_info
> (req.c) X509_NAME_add_entry_by_txt (x509name.c), in particular, the
> relationship between the variables mval, type, and p in auto_info
> (req.c). Could be a bug.
>
>
