[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: [openssl-users] Re: stateOrProvinceName field problem when
From: Lou Picciano <loupicciano () comcast ! net>
Date: 2011-12-16 21:05:24
Message-ID: 1962080122.1296471.1324069524922.JavaMail.root () sz0093a ! westchester ! pa ! mail ! comcast ! net
[Download RAW message or body]
Yes, and Thank You both for doing so!
While we're at it, I am reminded of another one we've found - not terribly important, \
but worth a look:
In using this option: '-enddate 140615235959Z' when signing a CSR, the cert is \
created correctly, expiring in 2014. However, the user prompt indicates it expires in \
'365 days' - in fact, I've never seen it prompt with any number larger than 365 days! \
Not a huge problem, but...
Lou Picciano
----- Original Message -----
From: "Erwann Abalea" <erwann.abalea@keynectis.com>
To: openssl-users@openssl.org
Cc: "Jakob Bohm" <jb-openssl@wisemo.com>
Sent: Friday, December 16, 2011 1:04:49 PM
Subject: Re: [openssl-users] Re: stateOrProvinceName field problem when signing CSR
Le 16/12/2011 18:27, Jakob Bohm a écrit :
> On 12/16/2011 6:14 PM, Erwann Abalea wrote:
> > Le 16/12/2011 17:57, Mick a écrit :
> > > On Friday 16 Dec 2011 16:23:52 you wrote:
> > > > man req
> > > > Then look for the "-utf8" argument.
> > > >
> > > > I took your example below, added "-utf8" argument, and it worked.
> > > > You can display the content with "openssl req -text -noout -in
> > > > blabla.pem -nameopt multiline,utf8,-esc_msb"
> > > Would using -utf8 resolve the original OP problem?
> >
> > To create the request/certificate, yes.
> > This is what I do to embed accented characters in UTF8.
> >
> > Typing
> >
> > openssl req -utf8 -new -nodes -newkey rsa:512 -keyout THORSTROM.key
> > -out THORSTROM.csr -subj "/O=ESBJÖRN.com/OU=Esbjörn-Thörstrom
> > Group/CN=Áki Thörstrom"
> >
> > on an UTF8 capable terminal, with a "string_mask = utf8only" in the
> > right openssl.cnf file, gives me a certificate request correctly
> > encoded in UTF8 with the wanted characters in the DN.
> Sorry, but OP's problem seems to be that the CSR was created by "some
> software embedded in a router",
Sorry, I replied to the problem described by Lou Picciano, and forgot
that Mick was the OP. My fault.
--
Erwann ABALEA
-----
Le netétiquette n'est qu'une vaste fumisterie,il faut de l'argent pour
fonctionner, force,en France de refuser tout rapport sain avec
l'argent,l'on riqsque de tuer ce nouvel outil.
-+- AA in: Guide du Neuneu d'Usenet - Le netétiquette du riche -+-
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[Attachment #3 (text/html)]
<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div \
style='font-family: Verdana; font-size: 12pt; color: #000000'>Yes, and Thank You both \
for doing so! <br><br>While we're at it, I am reminded of another one we've found - \
not terribly important, but worth a look:<br><br>In using this option: '-enddate \
140615235959Z' when signing a CSR, the cert is created correctly, expiring in 2014. \
However, the user prompt indicates it expires in '365 days' - in fact, I've never \
seen it prompt with any number larger than 365 days!<br><br>Not a huge problem, \
but... <br><br>Lou Picciano<br><br><hr id="zwchr"><b>From: </b>"Erwann Abalea" \
<erwann.abalea@keynectis.com><br><b>To: </b>openssl-users@openssl.org<br><b>Cc: \
</b>"Jakob Bohm" <jb-openssl@wisemo.com><br><b>Sent: </b>Friday, December 16, \
2011 1:04:49 PM<br><b>Subject: </b>Re: [openssl-users] Re: stateOrProvinceName field \
problem when signing CSR<br><br>Le 16/12/2011 18:27, Jakob Bohm a écrit :<br>> On \
12/16/2011 6:14 PM, Erwann Abalea wrote:<br>>> Le 16/12/2011 17:57, Mick a \
écrit :<br>>>> On Friday 16 Dec 2011 16:23:52 you \
wrote:<br>>>>> man req<br>>>>> Then look for the "-utf8" \
argument.<br>>>>><br>>>>> I took your example below, added \
"-utf8" argument, and it worked.<br>>>>> You can display the content with \
"openssl req -text -noout -in<br>>>>> blabla.pem -nameopt \
multiline,utf8,-esc_msb"<br>>>> Would using -utf8 resolve the original OP \
problem?<br>>><br>>> To create the request/certificate, yes.<br>>> \
This is what I do to embed accented characters in UTF8.<br>>><br>>> \
Typing<br>>><br>>> openssl req -utf8 -new -nodes -newkey rsa:512 -keyout \
THORSTROM.key <br>>> -out THORSTROM.csr -subj \
"/O=ESBJÖRN.com/OU=Esbjörn-Thörstrom <br>>> Group/CN=Áki \
Thörstrom"<br>>><br>>> on an UTF8 capable terminal, with a "string_mask \
= utf8only" in the <br>>> right openssl.cnf file, gives me a certificate \
request correctly <br>>> encoded in UTF8 with the wanted characters in the \
DN.<br>> Sorry, but OP's problem seems to be that the CSR was created by \
"some<br>> software embedded in a router", <br><br>Sorry, I replied to the problem \
described by Lou Picciano, and forgot <br>that Mick was the OP. My fault.<br><br>-- \
<br>Erwann ABALEA<br>-----<br>Le netétiquette n'est qu'une vaste fumisterie,il faut \
de l'argent pour<br>fonctionner, force,en France de refuser tout rapport sain \
avec<br>l'argent,l'on riqsque de tuer ce nouvel outil.<br>-+- AA in: Guide du Neuneu \
d'Usenet - Le netétiquette du riche \
-+-<br><br>______________________________________________________________________<br>OpenSSL \
Project \
http://www.openssl.org<br>User Support Mailing \
List \
openssl-users@openssl.org<br>Automated List Manager \
\
majordomo@openssl.org<br></div></body></html>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic