Bug #1318
closed
Certificate error: certificate subject does not match signing request subject
Description
Hi - I'm trying to apply a certificate from StartCom/Startssl.com to my pfSense 2.0-RC1 (amd64) - built on Wed Mar 2 12:54:13 EST 2011 - instance.
I'm getting this error:
The certificate subject 'emailAddress=user@domain.com, description=abc123xxxyyyzzz, OU=StartCom Free Certificate Member, O=Persona Not Validated, CN=host.domain.com, C=US' does not match the signing request subject.
Updated by Ermal Luçi over 13 years ago
Can you show the subject that is displayed on pfSense screen of the signing request?
Updated by Erik Chow over 13 years ago
- File csr.txt added
- File certificate.crt added
- File Intermediary_Certificate_2.crt added
- File Intermediary_Certificate_1.crt added
- File Root_Certificate.crt added
I am having the same issue. I tried to use a register.com SSL cert, which has intermediate CAs. Upon getting the cert from register.com, pfSense complains about "does not match the signing request subject".
My pfSense version info:
2.0-RC1 (amd64)
built on Sat Mar 26 00:18:39 EDT 2011
Updated by Mark Laagland over 13 years ago
I can also confirm this issue.
2.0-RC1 (i386)
built on Mon Mar 28 16:09:59 EDT 2011
The CSR (included) was signed using the CACert Class 1 root certificate. However, pfSense refuses the signed certificate. Getting
The certificate subject 'CN=stormfront-noord.int.storm.vu' does not match the signing request subject.
(CACert removes most fields, so pfSense is only complaining about the CN field)
CSR included. For obvious reasons, certificate not included.
Updated by R M over 13 years ago
Also confirmed with RapidSSL with GeoTrust as the intermediate CA.
2.0-RC1 (amd64)
built on Thu Apr 14 11:13:23 EDT 2011
Updated by David Prinzing over 13 years ago
I can also confirm this is the case with PositiveSSL's issued from Comodo.
2.0-RC1 (amd64)
built on Thu Apr 28 03:47:19 EDT 2011
Updated by Ermal Luçi over 13 years ago
Possibly reading this link https://pkiwidgets.quovadisglobal.com/pkiwidgets/matchCertAndCSR.aspx the same procedure should be used from the GUI instead of pure text-based matching?!
Updated by Jim Pingle over 13 years ago
Ermal - that is exactly what is in the works. Check ticket #1438 - this ticket can probably be closed in favor of that one, which is actually the solution for this ticket once implemented.
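One way to match a certificate to its CSR without comparing subject text is to compare the public keys they carry. The script below is an added example, not part of this ticket and not pfSense's code or the fix from #1438; every file name, subject and the throwaway CA are constructed, and the CA's subject rewrite is simulated by signing a second request made from the same key.

```sh
#!/bin/sh
# Added example: decide whether a certificate belongs to a CSR by comparing
# public keys, next to the subject-string comparison reported in this ticket.
set -eu

pubkey_pem() { openssl "$1" -in "$2" -noout -pubkey 2>/dev/null; }  # $1 = req | x509
subject_dn() { openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null; }

# cert_matches_csr CSR CERT: 0 = same key, 1 = different key, 2 = unreadable input
cert_matches_csr() {
  csr_key=$(pubkey_pem req "$1") && crt_key=$(pubkey_pem x509 "$2") || return 2
  [ -n "$csr_key" ] || return 2
  [ "$csr_key" = "$crt_key" ]
}

# subject_matches_csr CSR CERT: the text comparison, shown for contrast
subject_matches_csr() {
  [ "$(subject_dn req "$1")" = "$(subject_dn x509 "$2")" ]
}

# make_samples DIR: constructed test material (all names are made up)
make_samples() {
  full="/C=US/O=Example Org/OU=IT/CN=host.example.test"
  new_key="-newkey rsa:2048 -nodes"
  # Host key and CSR with a full subject
  openssl req -new $new_key -keyout "$1/host.key" -out "$1/host.csr" \
    -subj "$full" 2>/dev/null
  # Throwaway CA
  openssl req -x509 $new_key -days 1 -keyout "$1/ca.key" -out "$1/ca.crt" \
    -subj "/CN=Constructed Test CA" 2>/dev/null
  # Simulate a CA that keeps the requester's key but issues a CN-only subject
  openssl req -new -key "$1/host.key" -out "$1/trimmed.csr" \
    -subj "/CN=host.example.test"
  openssl x509 -req -in "$1/trimmed.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/host.crt" 2>/dev/null
  # Unrelated certificate: same subject text as the CSR, different key
  openssl req -x509 $new_key -days 1 -keyout "$1/other.key" \
    -out "$1/other.crt" -subj "$full" 2>/dev/null
}

d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
make_samples "$d"
for crt in host.crt other.crt; do
  subject_matches_csr "$d/host.csr" "$d/$crt" && s=same || s=differs
  cert_matches_csr "$d/host.csr" "$d/$crt" && k=same || k=differs
  echo "$crt: subject $s, public key $k"
done
```

The second sample shows why the key is the better anchor: a certificate with identical subject text but a different key passes the string comparison even though the stored private key cannot be used with it.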
Updated by Jim Pingle over 13 years ago
- Status changed from New to Feedback
Can anyone reproduce this since #1438 has been fixed/closed?
Updated by Chris Buechler about 13 years ago
- Status changed from Feedback to Resolved