Signing a certificate with my CA

Question

On running:

openssl ca -in ${ALIAS}.csr -out user-cert.pem -keyfile cacert-private.pem -cert cacert.pem -passin pass:$PASSWD -config ${CONFIG}

Answer 1

I have also run into this problem. Thanks to the replies above (mainly Francois), I discovered the source of the problem.

openssl is encoding using UTF8STRING and keytool (Java 6) is encoding with PRINTABLESTRING.

Worked around it by changing the openssl configuration so it matches keytool. In /usr/ssl/openssl.cnf change the "string_mask" setting to "pkix".