OpenSSL CA Signing Error field needed to be the same in the CA certificate

• Updated May 13, 2017


When signing a Certificate Signing Request (CSR) with my own Certificate Authority (CA), the following error occurs even though both strings in parentheses are visually the same:

The stateOrProvinceName field needed to be the same in the CA certificate (Texas) and the request (Texas)

I encountered this error when creating a CSR on OS X Mountain Lion and then sending the CSR to a Fedora 18 box to be signed by my own CA.

The error occurs because string_mask on OS X (found in /System/Library/OpenSSL/openssl.cnf) is set to nombstr whereas on Fedora, and probably other Linux distributions, it is set to utf8only.

To fix this, change the string_mask parameter to utf8only in /System/Library/OpenSSL/openssl.cnf on OS X, or create the CSR on a Linux box instead.

References

tags

active-directory (1)


ads (1)


aix (2)


ambient-noise (1)


amd (2)


android (1)


ansible (6)


apache (2)


api (2)


apple (7)


apple-tv (1)


apt (1)


awk (1)


bash (1)


bittorrent (2)


bootstrap (3)


centos (7)


cheat-sheet (14)


chef (1)


chromeos (1)


cloud (1)


cmatrix (1)


cobbler (3)


cowboy-bebop (1)


curl (1)


darwin-streaming-server (1)


datadog (1)


ddclient (1)


debian (2)


dell (3)


development (2)


diagrams (2)


disqus (1)


dlna (1)


dns (1)


docker (1)


documentation (153)


doxie (2)


dvdbackup (1)


ejabberd (2)


exiftool (1)


fedora (6)


ffmpeg (2)


filevault (1)


find (1)


firefly (1)


git (1)


glance (1)


gluster (2)


gnome (1)


golang (1)


google-app-engine (2)


google-chrome (1)


google-chromecast (1)


google-cloud-dns (1)


google-cloud-functions (1)


google-cloud-platform (5)


google-cloud-pubsub (1)


google-drive (1)


google-kubernetes-engine (1)


handbrake (1)


icloud (2)


idrac (3)


imagemagick (1)


ios (3)


iphone (3)


iscsi (1)


java (1)


javascript (1)


jekyll (6)


jquery (3)


json (3)


kerberos (1)


keystone (1)


kickstart-profiles (7)


kubernetes (2)


kvm (2)


ldap (6)


lego (1)


lets-encrypt (1)


linux (18)


macbook (3)


macos (2)


markdown (1)


mdadm (1)


mechanical-keyboards (1)


megacli (1)


microdata (1)


msi-gs65-stealth-thin (2)


mysql (1)


namecheap (1)


networking (1)


neutron (2)


nfs (1)


nova-network (2)


openssl (2)


openstack (21)


opinions (9)


os-x (4)


os-x-mavericks (1)


os-x-mountain-lion (2)


os-x-yosemite (6)


parted (1)


preseed (1)


python (4)


quantum (1)


racadm (2)


rackspace-private-cloud (3)


raid (2)


red-hat (8)


red-hat-satellite-server (2)


reviews (7)


rfid (1)


rhel (7)


rpm (1)


rss (1)


safari (1)


samsung (1)


scp (1)


scsi (1)


security (3)


sed (1)


seo (2)


shell (10)


skippy (2)


snappass (1)


solaris (3)


spotlight (1)


ssd (2)


ssh (1)


sshpass (1)


ssl (1)


sssd (1)


stackdriver (1)


star-wars (1)


steam (1)


storage (1)


support (2)


swift (6)


terminal (1)


thinkpad (1)


transmission (2)


troubleshooting (1)


ubuntu (9)


usb-c (1)


vagrant (11)


varnish (2)


virtualbox (8)


vmware-fusion (10)


wallets (1)


web-analytics (1)


wifi (1)


windows (2)


windows-10 (1)


windows-7 (2)


windows-server (1)


world-of-warcraft (1)


xrdp (1)


xserver (1)


zfs (1)