[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Effect of adding an attribute to CSR

To: ietf-pkix@xxxxxxx, kumarpuneet2004@xxxxxxxxx
Subject: Re: Effect of adding an attribute to CSR
From: pgut001@xxxxxxxxxxxxxxxxx (Peter Gutmann)
Date: Fri, 15 Oct 2004 01:19:12 +1300
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Puneet kumar <kumarpuneet2004@xxxxxxxxx> writes:

>We recently received a CSR from a new CA.We added the attribute "cn" to the
>dn of the CSR (as this is a requirement at our end) and then issued the
>cert.Now the CA's software is not accpeting the cert and they say that its
>because we added the cn attribute.We are using a softwrae by Smarttrust (CM)
>and the CA has an Entrust s/w.
>
>Now I have the following queries
>
>1.Does adding an attribute to the CSR make any difference towards the
>acceptability of the cert?

You mean the CA adding an attribute to the cert that isn't in the PKCS #10?
No, not at all, in fact it's quite standard.

>2.What options do we have at our end..I mean do we need to revoke the cert?
>Can we re-certify the cert? 

If you're the CA, it's really up to you.  If it's been explicitly rejected by
the client, I'd revoke it.

>3.Is their any setting changes that can be done in the Entrust CA softwrae to
>allow this cert with the changed distinguished name to be accepted?

You'd have to ask Entrust that.

Peter.

References:
- Effect of adding an attribute to CSR
  - From: Puneet kumar

Prev by Date: Effect of adding an attribute to CSR
Next by Date: Re: Effect of adding an attribute to CSR
Previous by thread: Effect of adding an attribute to CSR
Next by thread: Re: Effect of adding an attribute to CSR
Index(es):
- Date
- Thread