I am getting 2 errors when inspecting DCPs using dcp_inspect
Kindly let me know if these errors are to be ignored or something should/could be done to overcome them
Attached is the dcp_inspect log file and below is the relevant portion of the full text
Error: PKL 4b3656a7-5ca6-450f-b623-0703f65539dd: Signature : Role title present in CommonName field of authority certificate
Error: CPL 536d3248-2047-4aa0-8c33-11979925f91d: Signature : Role title present in CommonName field of authority certificate
You do not have the required permissions to view the files attached to this post.
This is what I have in my decryption intermediate certificate subject=O=dcpomatic.com, OU=dcpomatic.com, CN=.dcpomatic.smpte-430-2.INTERMEDIATE, dnQualifier=udvSx9v2te506ZgZDcfSqJiXySU=
This is what I have in my signing intermediate certificate subject=O=dcpomatic.com, OU=dcpomatic.com, CN=., dnQualifier=YTAkbSr1Cq01WlD4GxBozOimc3g=
Extracted using the following command for each certificate openssl x509 -in <Certificate File> -noout -subject
Backup your current preferences folder, including the cert chain.
Then recreate your cert chain in DCP-o-matic and create a new DCP. Check that DCP and see if your dcp_inspect warning returns.
The signing certificate is not relevant for decryption, you should be able to recreate it without issues.
At some time, dcp-o-matic created signing certificates with specific formal issues, that was corrected after a while. I have never heard about real playback issues with these certificates. After the issue was fixed in dcp-o-matic, subsequent releases of dcp-o-matic came up with a warning and offered to recreate the signing certificates. Don't know if you skipped that.
Thanks for the response Carsten. Yes. When I did an upgrade to a newer version it certainly offered to recreate the signing certificates which I always skipped as I did not want the existing DCPs etc or DKDMs to stop working. Now it is clear. Thanks again for the explanation.
: Role title present in CommonName field of authority certificate