Configuring DN Encoding
Endi S. Dewata edited this page Oct 28, 2021 · 1 revision
The default DN encoding is defined in DirStrConverter in JSS:
    private static byte[] DefEncodingOrder = new byte[] {
        DerValue.tag_UTF8String,
        DerValue.tag_PrintableString,
        DerValue.tag_T61String,
        DerValue.tag_UniversalString
    };
The DN encoding can be changed using the Two-Step Installation.
To configure the DN encoding, specify the X500Name.directoryStringEncodingOrder parameter in the CS.cfg. For example:
X500Name.directoryStringEncodingOrder=PrintableString,UTF8String,T61String,BMPString,UniversalString
To verify the DN encoding, first export the certificate, for example:
$ pki-server subsystem-cert-export ca signing --cert-file ca_signing.crt
Then execute the following command:
$ openssl x509 -in ca_signing.crt -issuer -subject -nameopt multiline,show_type -noout
issuer=
    organizationName          = PRINTABLESTRING:EXAMPLE
    organizationalUnitName    = PRINTABLESTRING:pki-tomcat
    commonName                = PRINTABLESTRING:CA Signing Certificate
subject=
    organizationName          = PRINTABLESTRING:EXAMPLE
    organizationalUnitName    = PRINTABLESTRING:pki-tomcat
    commonName                = PRINTABLESTRING:CA Signing Certificate
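The same check can be scripted. The following is an added example, not code from Dogtag PKI or JSS: it walks a DER-encoded Name and reports the ASN.1 string type of each attribute value, so an unexpected type can fail an automated check. All function names and the sample Name are constructed for illustration.

```python
# Added example (not Dogtag/JSS code): list the ASN.1 string type of each
# attribute value in a DER-encoded X.501 Name and flag unexpected types.
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x14: "T61String",
               0x1C: "UniversalString", 0x1E: "BMPString"}
ATTRS = {b"\x55\x04\x03": "commonName", b"\x55\x04\x0a": "organizationName",
         b"\x55\x04\x0b": "organizationalUnitName"}   # DER-encoded OID bodies

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element nested inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner

def dn_string_types(name_der):
    """Return [(attribute, string type)] in the order the Name encodes them."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found = []
    for _, rdn in children(rdns):              # each RDN is a SET ...
        for _, atv in children(rdn):           # ... of AttributeTypeAndValue
            (_, oid), (vtag, _value) = children(atv)
            found.append((ATTRS.get(oid, oid.hex()), STRING_TAGS.get(vtag, hex(vtag))))
    return found

def unexpected_types(name_der, allowed):
    return [(a, t) for a, t in dn_string_types(name_der) if t not in allowed]

def _rdn(oid, tag, text):                      # sample builder, short lengths only
    atv = bytes([0x06, len(oid)]) + oid + bytes([tag, len(text)]) + text
    return bytes([0x31, len(atv) + 2, 0x30, len(atv)]) + atv

# Constructed sample: O=EXAMPLE as PrintableString, CN as UTF8String.
_body = (_rdn(b"\x55\x04\x0a", 0x13, b"EXAMPLE")
         + _rdn(b"\x55\x04\x03", 0x0C, b"CA Signing Certificate"))
SAMPLE_NAME = bytes([0x30, len(_body)]) + _body
```

To run it against a real certificate, pass the DER bytes of its subject or issuer Name; with the Python cryptography package, cert.subject.public_bytes() returns them.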