req command with -multivalue-rdn set

amartin at xtec.com amartin at xtec.com
Mon Apr 19 13:59:25 UTC 2021


I'm trying to create a certificate request with a multivalue RDN which
involves CN+UID. I achieved the encoded multi-value RDN, but I want the UID
to be encoded first and then the CN. I always get the CN first, no matter
what I put in the -subj "/CN=value+UID=value" or "/UID=value+CN=value".
Changing the cnf [policy matching] entries switching the order of the
CN=provided and UID=provided doesn't have any impact either. However, if I
use CN+serialNumber, I can change the encoding order successfully by
changing the -subj between "/CN=value+serialNumber=value" or
"/SerialNumber=value+CN=value".

 

This is the output of the ASN.1 decoder on mycsr.csr for the multivalue RDN
in the case of the UID:

SET (2 elem)
        SEQUENCE (2 elem)
                OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                UTF8String John Doe
        SEQUENCE (2 elem)
                OBJECT IDENTIFIER 0.9.2342.19200300.100.1.1 userID (Some oddball X.500 attribute collection)
                UTF8String 12345567890

 

I want to obtain the same behavior I get for the serial number:

SET (2 elem)
        SEQUENCE (2 elem)
                OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component)
                PrintableString 1234567890
        SEQUENCE (2 elem)
                OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component)
                UTF8String John Doe

 

Any thoughts?

Thanks in advance,

 

Alberto Martin
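
A way to read the attribute order of a multi-valued RDN directly from the DER bytes, as an added example that is not part of the original post. The sample bytes are constructed by hand from the first dump above (CN, then UID), and the function names are hypothetical.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn OID content octets into dotted-decimal form."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if b & 0x80:
            continue  # more octets follow for this arc
        if not arcs:  # first octet group packs the first two arcs
            first = min(value // 40, 2)
            arcs += [first, value - 40 * first]
        else:
            arcs.append(value)
        value = 0
    return ".".join(map(str, arcs))

def rdn_attribute_order(rdn_der):
    """Return [(oid, value)] in the order the AVAs appear inside the SET."""
    tag, body, _ = read_tlv(rdn_der, 0)
    if tag != 0x31:
        raise ValueError("expected a SET (RelativeDistinguishedName)")
    found, pos = [], 0
    while pos < len(body):
        tag, ava, pos = read_tlv(body, pos)
        if tag != 0x30:
            raise ValueError("expected a SEQUENCE (AttributeTypeAndValue)")
        _, oid, value_pos = read_tlv(ava, 0)
        _, value, _ = read_tlv(ava, value_pos)
        found.append((decode_oid(oid), value.decode("utf-8")))
    return found

# Constructed sample: the CN+UID SET from the first dump, hand-encoded.
CN = bytes.fromhex("300f06035504030c08") + b"John Doe"
UID = bytes.fromhex("3019060a0992268993f22c6401010c0b") + b"12345567890"
SAMPLE_RDN = bytes([0x31, len(CN) + len(UID)]) + CN + UID
```

Calling `rdn_attribute_order(SAMPLE_RDN)` lists the commonName entry before the userID entry, matching the first dump.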