Thursday, May 30, 2013
When signing a Certificate Signing Request (CSR) with my own Certificate Authority (CA), the following error occurs even though both strings in parentheses are visually the same:
The stateOrProvinceName field needed to be the same in the CA certificate (Texas) and the request (Texas)
I encountered this error when creating a CSR on OS X Mountain Lion and then sending the CSR to a Fedora 18 box to be signed by my own CA.
The error occurs because string_mask on OS X (found in /System/Library/OpenSSL/openssl.cnf) is set to nombstr whereas on Fedora, and probably other Linux distributions, it is set to utf8only.
To fix this, change the string_mask parameter to utf8only in /System/Library/OpenSSL/openssl.cnf on OS X, or create the CSR on a Linux box instead.