# OpenSSL won't sign my certificates [SOLVED]

## Napalm Llama

I run a small private CA to do some internal authentication stuff on my network, but it seems to have stopped accepting certificate requests:

```
muttley ca # openssl version

OpenSSL 1.0.0d 8 Feb 2011

muttley ca # openssl ca -config openssl.cnf -infiles certreqs/spligmobile-csr.pem 

Using configuration from openssl.cnf

Enter pass phrase for /root/ca/private/splignet-key.pem:

Check that the request matches the signature

Signature ok

The organizationName field needed to be the same in the

CA certificate (SpligNet) and the request (SpligNet)

muttley ca #
```

It's comparing two identical strings, and exiting with an error because it thinks they're different.  I've tried searching for this, but the only advice out there seems to be "turn off the check," which seems like a horrible workaround to me.  I'd rather have the check in place and functioning correctly.

Does anybody have any ideas what could be causing the issue?

Cheers  :Smile: 

----------

## gerdesj

I found this: http://comments.gmane.org/gmane.comp.encryption.openssl.user/42865

It seems to imply that although the two strings appear identical, they are of different types PrintableString or UTF8String.  

Without doing more research, I would conjecture that you created your CA cert with an older version of OpenSSL that made that field of type PrintableString.  The new version creates cert reqs with that field set to UTF8String.  

See if there is an option to set the string type for the various fields.

Cheers

Jon

----------

## Napalm Llama

Thanks, that did the trick  :Smile: 

----------

