Subject DN Encoding Not Preserved From Certificate Request in Red Hat Certificate System 8.0

Solution Unverified - Updated -

Issue

  • A certificate request from an Entrust PKI system that will be used for cross-certification and the subject DN has a mixture of printableString (for the C field) and UTF8 (for O, OU, CN fields).

  • The subject DN encoding should be preserved in the certificate when the CA issues it, because some applications may not compare the DN properly if encoded differently from the way the originating CA encodes it.

    • For example, if the original CA has a mixture of UTF8/printableString, and the Red Hat Certificate System product issues a subject DN that is entirely printableString (which it does), some client tools mismatch the name.

  • The documentation sounds like the User Subject Name Default extension should take the DN sequence from the client request, but it's only taking the actual characters/string and not the encoding.

  • Also need to be able to specify the name form encoding on Name Constraints extension, so that the originating CA's encoding can be compared properly with the Name Constraints.

Environment

  • Red Hat Certificate System 8.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content