We were also dealing with this problem in the PPS wiki and it was hard
to find the reason.
At that time David Groep explained very well the reason in the
pre-production list so simply I forward his email because other people
can be dealing with the same problem in the future for example if they
implement access controlled by certificate to a given resource and it's
still hard to find the explanation in google ;-)
----
The "Email="
syntax is the OpenSSL<=0.9.5 way of rendering the string representation
of the subject email address (OID 1.2.840.113549.1.9.1 IIRC). This
string representation was "invented" by OpenSSL and was non-standard.
Newer versions of OpenSSL and, I think, also most Java-originating
string representationf os the DN use "emailAddress" as the string
rendering of that OID.
So it's up to the client to do the rendering, and if you are using
plain access control list it depends on the client software
which one you have to use. There's nothing the CA could do
to change that.
DavidG.
PS: RFC2459 did formally deprecate the emailAddress in the DN, but it
is still a de-facto standard for many CAs.
----
Rafal Lichwala wrote:
>Hi All,
>
>For last several days I've got some feedbacks about problems with an access to
>the SFT-2 Admin's Page from people who are using e-mail address field in
>their certificate's DN.
>There is some incompatibility between email address field's name stored in GOC
>DB and the one existing in user's certificate. I don't know what is the
>source of this incompatibility but this is the reason of these problems with
>access to the SFT-2 Admin's Page so, it's not really a bug...
>Anyway... I've just fixed that and email address field is not taken into
>account any more. Everything should work fine now.
>
>Best regards
>
>Rafal Lichwala
>
>
>---------- Forwarded Message ----------
>
>Subject: SFT-2 Admin's Page available for all EGEE site managers!
>Date: Friday 16 September 2005 03:14 pm
>From: Rafal Lichwala <[log in to unmask]>
>To: [log in to unmask]
>
>Dear All,
>
>At the following URL:
>
>https://monitoring.egee.man.poznan.pl/admin2/
>
>you will find "SFT-2 Admin's Page". It's a part of PSNC Monitoring System
>designed for monitoring and managing ROC CE.
>It's a useful tool for submitting and publishing SFT-2 jobs "on demand".
>Now we decided to make it available for all EGEE sites and users.
>You can submit standard SFT test jobs (for sites you manage) by yourself at
>any time and you don't need to wait for "official" (scheduled every 3 hours)
>published tests.
>When your jobs have "Done" status you can publish them and see the results on
>the official SFT-2 test results web page:
>
>https://lcg-sft.cern.ch:9443/sft/lastreport.cgi
>
>"SFT-2 Admin's Page" is just a nice GUI (a set of web pages) for SFT-2 client
>released in LCG 2.6. I hope it will be useful for all of you.
>
>Best regards.
>
>Rafal Lichwala
>
>--
>
>* * *
>* R a f a l L i c h w a l a
>* Poznan Supercomputing and Networking Center
>* EGEE Project Participant
>*
>* Address : Poznan Supercomputing and Networking Center
>* 60-814 Poznan, Zwierzyniecka 20
>* Phone : (+48 61) 858 21 82
>* E-mail : mailto:[log in to unmask]
>*
>* * *
>
>-------------------------------------------------------
>
>
>
--
Dr. Javier Lopez Cacheiro
Centro de Supercomputacion de Galicia (CESGA)
Avda. de Vigo. s/n (Campus Sur)
15705 Santiago de Compostela (Spain)
Tel: +34 981 56 98 10 ; Fax: +34 981 59 46 16
email: [log in to unmask] ; http://www.cesga.es/
------------------------------------------------
