Red Hat Certificate System subject DN ASN.1 encoding may be inconsistent with PrintableString and UTF8String
Issue
In some cases, a certificate enrollment with a request / CSR crafted with a subject DN built with UTF-8 attributes may result in a certificate's subject DN encoding that is different.
The subject DN strings displayed by a "pretty print" or ASCII readable dump are the same as in the CSR, but the ASN.1 binary encoding of the subject DN in the issued certificate may be different than the one provided in the request.
Results may be different, depending on how the certificate enrollment was done.
For example, submitting a PKCS #10 request in the web UI, that contains a subject DN encoded with UTF-8, may produce a certificate whose subject DN encoding is changed to PrintableString encoding.
However, when submitting the same PKCS #10 request through the agent authenticated interface profileSubmitSSLClient, the subject DN's UTF-8 encoding is kept in the issued certificate.
This may sometimes be a problem.
Environment
RHEL 5
Red Hat Enterprise Linux Server release 5.8 (Tikanga)
Linux ca1.example.com 2.6.18-308.24.1.el5 #1 SMP Wed Nov 21 11:42:14 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
RHCS 8
pki-ca-8.1.1-1.el5pki
redhat-ds-base-8.2.10-3.el5dsrv
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
