updated subordinate ca names to have a space; closes #509

uspki · Aug 27, 2018 · 8f03676 · 8f03676
1 parent 36a0448
commit 8f03676
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/certificate-profile-subordinate-CA.md b/certificate-profile-subordinate-CA.md
@@ -6,7 +6,7 @@
 | Issuer Signature Algorithm   | sha256 WithRSAEncryption {1 2 840 113549 1 1 11}  |
 | Issuer Distinguished Name   | Unique X.500 issuing CA DN as specified in Section 7.1.4 of this CP |
 | Validity Period   | Validity Period dates shall be encoded as UTCTime for dates through 2049 and GeneralizedTime for dates thereafter <br> Validity Period shall be no longer than 10 years from date of issue. |
-| Subject Distinguished Name   | Subordinate CA Certificate Subject Distiguished Name (DN) shall be a unique X.500 DN as specified in Section 7.1.4 of this CP.  Distinguished Name shall conform to PrintableString string type in ASN.1 notation. <br><br>The Subordinate CA Certificate DN shall be of the following format: <br>cn=US Federal TLS CAx, o=U.S. Government, c=US<br>Where _x_ starts at 1 and is incremented by 1 for each Subordinate CA signed by the Root CA.<br><br>All other attributes, for the CA Certificate Subject fields, shall not be included.  <br><br> Non-production Subordinate CAs signed by non-production Root CA certificates shall include "Test" in the DN. <br>A non-production DN example is: <br>cn=US Federal Test TLS CA1, o=U.S. Government, c=US<br> <br>Subject name shall be encoded exactly as it is encoded in the issuer field of certificates issued by the subject. |
+| Subject Distinguished Name   | Subordinate CA Certificate Subject Distiguished Name (DN) shall be a unique X.500 DN as specified in Section 7.1.4 of this CP.  Distinguished Name shall conform to PrintableString string type in ASN.1 notation. <br><br>The Subordinate CA Certificate DN shall be of the following format: <br>cn=US Federal TLS CA x, o=U.S. Government, c=US<br>Where _x_ starts at 1 and is incremented by 1 for each Subordinate CA signed by the Root CA.<br><br>All other attributes, for the CA Certificate Subject fields, shall not be included.  <br><br> Non-production Subordinate CAs signed by non-production Root CA certificates shall include "Test" in the DN. <br>A non-production DN example is: <br>cn=US Federal Test TLS CA 1, o=U.S. Government, c=US<br> <br>Subject name shall be encoded exactly as it is encoded in the issuer field of certificates issued by the subject. |
 | Subject Public Key Information   | At least 2048 bit modulus, rsaEncryption {1 2 840 113549 1 1 1} |
 | Issuer Signature   | sha256 WithRSAEncryption {1 2 840 113549 1 1 11}    |