OpenSSL "ca" Error "stateOrProvinceName field needed to be the same"

Q

Why I am getting the "The stateOrProvinceName field needed to be the same in the CA certificate (...) and the request (...)" error when running OpenSSL "ca" command?

✍: FYIcenter.com

A

If you are running the OpenSSL "ca" command installed with the slproweb binary package for Windows, you may get the "The stateOrProvinceName field needed to be the same in the CA certificate (...) and the request (...)" error as shown below:

C:\Users\fyicenter>\local\OpenSSL-Win32\bin\openssl.exe

OpenSSL> ca -in test.csr -keyfile my_ca.key -cert my_ca.crt
Using configuration from C:\local\OpenSSL-Win32\bin\openssl.cfg
Enter pass phrase for my_ca.key:
Check that the request matches the signature
Signature ok
The stateOrProvinceName field needed to be the same in the
CA certificate (TX) and the request (NY)
error in ca

This error is caused by the "stateOrProvinceName=match" option in the [policy_match] section in the configuration file. This option limits you to sign a CSR that has the same stateOrProvinceName as you CA certificate.

Fixing this error is easy. Just add "-policy policy_anything" option in the "ca" command to by-pass this requirement.

 

OpenSSL "ca" - Sign CSR with CA Certificate

OpenSSL "ca" - "error while loading serial number"

OpenSSL "ca" Command

⇑⇑ OpenSSL Tutorials

2016-09-13, 2252👍, 0💬