Project

General

Profile

Actions
Copy link

Bug #1318

closed

Certificate error: certificate subject does not match signing request subject

Added by Zinger daZinger about 13 years ago. Updated over 12 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Certificates
Target version:
2.0
Start date:
03/02/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

Hi - I'm trying to apply a certificate from StartCom/Startssl.com to my PFSense 2.0-RC1 (amd64) -built on Wed Mar 2 12:54:13 EST 2011 - instance.

I'm getting this error:

The certificate subject 'emailAddress=, description=abc123xxxyyyzzz, OU=StartCom Free Certificate Member, O=Persona Not Validated, CN=host.domain.com, C=US' does not match the signing request subject.

Files

Download all files
csr.txt (1.82 KB) csr.txt CSR sent to register.com Erik Chow, 03/28/2011 12:12 AM
certificate.crt (2.17 KB) certificate.crt certificate for my server Erik Chow, 03/28/2011 12:12 AM
Intermediary_Certificate_2.crt (1.65 KB) Intermediary_Certificate_2.crt register.com Intermediate 2 cert Erik Chow, 03/28/2011 12:12 AM
Intermediary_Certificate_1.crt (1.49 KB) Intermediary_Certificate_1.crt register.com intermediate 1 cert Erik Chow, 03/28/2011 12:12 AM
Root_Certificate.crt (1.48 KB) Root_Certificate.crt register.com root cert Erik Chow, 03/28/2011 12:12 AM
csr.txt (1.13 KB) csr.txt CSR Mark Laagland, 03/29/2011 03:30 PM
Actions
Copy link
 #1

Updated by Ermal Luçi about 13 years ago

Can you show the subject that is displayed on pfSense screen of the signing request?

Actions
Copy link
 #2

Updated by Erik Chow about 13 years ago

I am having the same issue. I tried to use a register.com SSL cert, which has intermediate CAs. Upon getting the cert from register.com, pfsense complains about "does not match the signing request subject".

My pfsense version info:
2.0-RC1 (amd64)
built on Sat Mar 26 00:18:39 EDT 2011

Actions
Copy link
 #3

Updated by Mark Laagland about 13 years ago

I can also confirm this issue.

2.0-RC1 (i386)
built on Mon Mar 28 16:09:59 EDT 2011

The CSR (included) was signed using the CACert Class 1 root certificate. However, pfSense refuses the signed certificate. Getting

The certificate subject 'CN=stormfront-noord.int.storm.vu' does not match the signing request subject.

(CACert removes most fields, so pfSense is only complaining about the CN field)

CSR included. For obvious reasons, certificate not included.

Actions
Copy link
 #4

Updated by R M about 13 years ago

Also confirmed with RapidSSL with GeoTrust as the intermediate CA.

2.0-RC1 (amd64)
built on Thu Apr 14 11:13:23 EDT 2011

Actions
Copy link
 #5

Updated by David Prinzing almost 13 years ago

I can also confirm this is the case with PositiveSSL's issued from Comodo.

2.0-RC1 (amd64)
built on Thu Apr 28 03:47:19 EDT 2011

Actions
Copy link
 #6

Updated by Ermal Luçi almost 13 years ago

Possibly reading this link https://pkiwidgets.quovadisglobal.com/pkiwidgets/matchCertAndCSR.aspx the same procedure should be used form the GUI instead of pure text based matching?!

Actions
Copy link
 #7

Updated by Jim Pingle almost 13 years ago

Ermal - that is exactly what is in the works. Check ticket #1438 - this ticket can probably be closed in favor of that one, which is actually the solution for this ticket once implemented.

Actions
Copy link
 #8

Updated by Jim Pingle over 12 years ago

  • Status changed from New to Feedback

Can anyone reproduce this since #1438 has been fixed/closed?

Actions
Copy link
 #9

Updated by Chris Buechler over 12 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF