[Freeipa-devel] OpenSSL CA complains that CSR from --external-ca missing mandatory Country field.
Rob Crittenden
rcritten at redhat.com
Mon Jan 24 15:26:36 UTC 2011
Jeff B wrote:
> I'm not sure if this is a user error or a bug. I didn't see a way to
> tell OpenSSL to not require that Country be in the CSR.
>
> Check that the request matches the signature
> Signature ok
> The Subject's Distinguished Name is as follows
> organizationName :PRINTABLE:'MYREALM.COM'
> commonName :PRINTABLE:'Certificate Authority'
> The mandatory countryName field was missing
>
> I didn't see anything in Trac regarding this.
>
I don't know a ton about OpenSSL but I think it is because the default
configuration file, /etc/pki/tls/openssl.cnf, requires country. You
should be able to provide your own config file to the openssl commands.
rob
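
Added example, not part of the original message or of FreeIPA: a minimal config for `openssl ca -config` in which the signing policy marks countryName optional, shown beside the stock policy_match section that produces the "mandatory countryName field was missing" message. The file name, the policy_ipa_csr section name and the ./demoCA paths are placeholders chosen for illustration.

```ini
# ca-sign.cnf (hypothetical file name), used as:
#   openssl ca -config ca-sign.cnf -in ipa.csr -out ipa.crt
# where ipa.csr and ipa.crt are placeholder names.

[ ca ]
default_ca = CA_default

[ CA_default ]
dir           = ./demoCA               # placeholder CA directory
database      = $dir/index.txt
new_certs_dir = $dir/newcerts
serial        = $dir/serial
certificate   = $dir/cacert.pem
private_key   = $dir/private/cakey.pem
default_md    = sha256
default_days  = 365
policy        = policy_ipa_csr         # section applied to each CSR subject

# Stock policy, kept only for comparison. "match" means the CSR value
# must equal the CA certificate's own value, so a CSR with no C= fails.
[ policy_match ]
countryName            = match
stateOrProvinceName    = match
organizationName       = match
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

# Relaxed policy (hypothetical section name). "supplied" means the field
# must be present; "optional" means it may be absent. O= and CN= are still
# required, which fits the subject shown in the quoted output.
[ policy_ipa_csr ]
countryName            = optional
stateOrProvinceName    = optional
organizationName       = supplied
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional
```

The policy section only controls which subject fields a CSR must carry; certificate extensions are configured separately.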