
Re: Effect of adding an attribute to CSR




At 4:26 AM -0700 10/14/04, Puneet kumar wrote:
Dear all,
      I need some assistance on a peculiar problem we are facing.

We are an organisation which acts as the TTP for all CAs operating in our country, i.e., we are the Root CA. So whenever a new CA comes up they send us a CSR (in PKCS#10) which we sign and give back an X.509 base 64 Certificate.

We recently received a CSR from a new CA. We added the attribute "cn" to the dn of the CSR (as this is a requirement at our end) and then issued the cert. Now the CA's software is not accepting the cert and they say that it's because we added the cn attribute. We are using software by Smarttrust (CM) and the CA has an Entrust s/w.

Now I have the following queries

1. Does adding an attribute to the CSR make any difference towards the acceptability of the cert?

2. What options do we have at our end... I mean, do we need to revoke the cert? Can we re-certify the cert? Actually I didn't find the term re-certify in any standard... certs are either revoked or get expired. Your comments would be most welcome.

3. Are there any setting changes that can be done in the Entrust CA software to allow this cert with the changed distinguished name to be accepted?

Request feedback from you guys..

Thanks

The PKIX standards for cert request/response do not address this issue, in the general case. However, a client (a CA in this case) might well compare the returned cert to the one submitted and reject the response because of the mismatch. In your case the "right" solution is to have the client resubmit the request with the subject name in the form you procedurally require.


Steve
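
The comparison described in the reply above, as an added example that is not part of the original thread: a requester checks the returned certificate against its own PKCS#10 request, first when the issuer adds cn on its own, then when the request is resubmitted with cn already in the subject. The exact-match rule, the helper names and all DN values are assumptions constructed for illustration; the thread does not say what check the Entrust software performs.

```python
# Added example, not from the thread. Needs the third-party "cryptography" package.
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def spki(key):
    """DER SubjectPublicKeyInfo, so keys compare byte for byte."""
    return key.public_bytes(serialization.Encoding.DER,
                            serialization.PublicFormat.SubjectPublicKeyInfo)

def make_csr(key, subject):
    return (x509.CertificateSigningRequestBuilder()
            .subject_name(subject).sign(key, hashes.SHA256()))

def issue(csr, issuer_key, issuer_name, subject):
    """Root CA side: certify the CSR's key under the subject the CA decides on."""
    start = datetime.datetime(2004, 10, 14)  # constructed validity window
    return (x509.CertificateBuilder()
            .subject_name(subject).issuer_name(issuer_name)
            .public_key(csr.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(issuer_key, hashes.SHA256()))

def check_response(csr, cert):
    """Requester side: report how the returned cert differs from the request."""
    problems = []
    if spki(csr.public_key()) != spki(cert.public_key()):
        problems.append("public key mismatch")
    if csr.subject != cert.subject:
        problems.append("subject mismatch: requested '%s', issued '%s'"
                        % (csr.subject.rfc4514_string(), cert.subject.rfc4514_string()))
    return problems

def demo():
    attr = x509.NameAttribute
    root_key, sub_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    root = x509.Name([attr(NameOID.ORGANIZATION_NAME, "Constructed Root CA")])
    requested = x509.Name([attr(NameOID.COUNTRY_NAME, "XX"),
                           attr(NameOID.ORGANIZATION_NAME, "Constructed Sub CA")])
    with_cn = x509.Name(list(requested) + [attr(NameOID.COMMON_NAME, "Constructed Sub CA")])
    # Case 1: the root adds cn to the subject on its own, as in the thread.
    csr1 = make_csr(sub_key, requested)
    altered = check_response(csr1, issue(csr1, root_key, root, with_cn))
    # Case 2: the requester resubmits with cn already present; the root copies it.
    csr2 = make_csr(sub_key, with_cn)
    return altered, check_response(csr2, issue(csr2, root_key, root, csr2.subject))
```

`demo()` returns the two problem lists: the first holds a single subject-mismatch entry, the second is empty.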