openssl ca vs openssl x509

[Stephen More]

Is there a doc somewhere that explains the differences between ca and x509 ?

I was signing client side certificates with:
openssl ca -passin pass:$ROOTCAPASS -batch -config openssl.cnf
-days 365 -keyfile private/root-ca-key.pem -cert root-ca-crt.pem -in
person/$1/$1-req.pem -out person/$1/$1-crt.pem

Only to find out that email address was getting stripped out and
prevented the use of 'SSLUserName SSL_CLIENT_S_DN_Email' inside
apache.

Now I am using x509 which make apache happy:
openssl x509 -req -passin pass:$ROOTCAPASS -days 365 -CAkey
private/root-ca-key.pem -CA root-ca-crt.pem -CAcreateserial -in
person/$1/$1-req.pem -out person/$1/$1-crt.pem

( Perhaps it is really a problem with my openssl.cnf but not sure
which option to configure )


-Thanks
Stephen More
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

[Erwin Himawan]

In general, probably look for PKI tutorial; there should be concepts associated with CA, x509 (digital certificate)

Erwin

[lisn...@gmail.com]

I think the problem is in path. x509 don't need openssl.cnf like CA