For testing, I'm trying to do these 3 steps:
I'm failing at the last step (see below). I think my problem is that I have a wrong understanding of the steps I'm doing, but I can't figure out what it is.
# generate self signed CA certificate
openssl req -x509 -days 2557 -newkey rsa:1024 -out ca-cert.pem -keyout ca-sec-key.pem
# for another entity, generate another private key and a signing request
openssl req -newkey rsa:1024 -out sub-request.pem -keyout sub-sec-key.pem
# the following fails:
# sign the request using the CA certificate and key
openssl ca -cert ca-cert.pem -keyfile ca-sec-key.pem -in sub-request.pem -out sub-cert.pem
Error:
The organizationName field needed to be the same in the
CA certificate (My Own CA Company) and the request (My Customer)
I do not understand why openssl is complaining about these being different at all. I think they should be different.
Most probably your OpenSSL config is based on the default config file (openssl.cnf) which restricts the value of the organizationName DN component. In the CA section find the policy=<section_name> entry and change organizationName=match to organizationName=supplied as in:
[ policy_match ]
organizationName = supplied
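
The policy change described in the answer above, as an added example that is not part of the original posts: one constructed config holds both a match policy (the stock behaviour) and a supplied policy, and the function signs the same request under whichever section is named. The section names, DN values, 2048-bit keys, -nodes (unencrypted keys, so nothing prompts) and the temporary directory are assumptions of this example.

```sh
#!/bin/sh
# Added example; section names, DN values and file layout are constructed.
# Usage: sign_with_policy <policy_section>
# Returns non-zero if key generation fails or `openssl ca` refuses to sign.
sign_with_policy() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    trap 'rm -rf "$dir"' EXIT
    # Minimal CA database that `openssl ca` expects to find.
    mkdir newcerts && : > index.txt && echo 01 > serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database      = ./index.txt
serial        = ./serial
new_certs_dir = ./newcerts
default_md    = sha256
default_days  = 30
policy        = policy_match
[ policy_match ]
# As in the stock openssl.cnf: the request's O must equal the CA's O.
organizationName = match
commonName       = supplied
[ policy_supplied ]
# The change from the answer: O must be present but may differ.
organizationName = supplied
commonName       = supplied
EOF
    # Step 1: self-signed CA certificate.
    openssl req -config ca.cnf -x509 -days 30 -newkey rsa:2048 -nodes \
        -subj "/O=My Own CA Company/CN=Test CA" \
        -out ca-cert.pem -keyout ca-sec-key.pem 2>/dev/null || exit 1
    # Step 2: key and signing request for a different organization.
    openssl req -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/O=My Customer/CN=customer.example" \
        -out sub-request.pem -keyout sub-sec-key.pem 2>/dev/null || exit 1
    # Step 3: sign under the policy section named in $1.
    openssl ca -batch -notext -config ca.cnf -policy "$1" \
        -cert ca-cert.pem -keyfile ca-sec-key.pem \
        -in sub-request.pem -out sub-cert.pem || exit 1
    openssl x509 -in sub-cert.pem -noout -subject -issuer
)
```

Calling it with policy_match reproduces the organizationName error from the question; policy_supplied issues the certificate and prints its subject and issuer.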