Hello,
today we discover a certificate in our Ciphermail certificate store
which is not usable for encryption because of the error "Error
building certPath. Subject distinguished name is not from a permitted
subtree". Indeed there are name constraints in a sub-CA used but i can
not figure out what the actual problem is because it actually should
match the mailadress with is xxxxx(a)ford.com
This is from the upper level issuing CA:
Zugelassen
[1]Unterstrukturen (0..Max):
RFC822-Name=.ach-llc2.com
[2]Unterstrukturen (0..Max):
RFC822-Name=.cotarko.com
[3]Unterstrukturen (0..Max):
RFC822-Name=.european-llp.com
[4]Unterstrukturen (0..Max):
RFC822-Name=.first-aquitaine.com
[5]Unterstrukturen (0..Max):
RFC822-Name=.fmcc.ch
[6]Unterstrukturen (0..Max):
RFC822-Name=.ford-alliance.com
[7]Unterstrukturen (0..Max):
RFC822-Name=.ford.com
[8]Unterstrukturen (0..Max):
RFC822-Name=.fordcredit.com
[9]Unterstrukturen (0..Max):
RFC822-Name=.forsonordic.com
[10]Unterstrukturen (0..Max):
RFC822-Name=.lincoln.com
[11]Unterstrukturen (0..Max):
RFC822-Name=.lincolnafs.com
[12]Unterstrukturen (0..Max):
RFC822-Name=.troydm.com
[13]Unterstrukturen (0..Max):
RFC822-Name=.volvoautobank.de
[14]Unterstrukturen (0..Max):
RFC822-Name=ach-llc2.com
[15]Unterstrukturen (0..Max):
RFC822-Name=cotarko.com
[16]Unterstrukturen (0..Max):
RFC822-Name=european-llp.com
[17]Unterstrukturen (0..Max):
RFC822-Name=first-aquitaine.com
[18]Unterstrukturen (0..Max):
RFC822-Name=fmcc.ch
[19]Unterstrukturen (0..Max):
RFC822-Name=ford-alliance.com
[20]Unterstrukturen (0..Max):
RFC822-Name=ford.com
[21]Unterstrukturen (0..Max):
RFC822-Name=fordcredit.com
[22]Unterstrukturen (0..Max):
RFC822-Name=forsonordic.com
[23]Unterstrukturen (0..Max):
RFC822-Name=lincoln.com
[24]Unterstrukturen (0..Max):
RFC822-Name=lincolnafs.com
[25]Unterstrukturen (0..Max):
RFC822-Name=troydm.com
[26]Unterstrukturen (0..Max):
RFC822-Name=volvoautobank.de
[27]Unterstrukturen (0..Max):
DNS-Name=ford.com
[28]Unterstrukturen (0..Max):
Verzeichnisadresse:
S=Michigan
L=Dearborn
O=Ford Motor Company
C=US
[29]Unterstrukturen (0..Max):
Verzeichnisadresse:
DC=ford
DC=com
Ausgeschlossen
[1]Unterstrukturen (0..Max):
IP-Adresse=0.0.0.0
Maske=0.0.0.0
[2]Unterstrukturen (0..Max):
IP-Adresse=0000:0000:0000:0000:0000:0000:0000:0000
Mask=0000:0000:0000:0000:0000:0000:0000:0000
Any idea what could be wrong here?
Thanks
Andreas