active directory - X509 Certificate: Identity of DN (Distinguished Names) -


i use keytool create x509 certificate subject:

cn=alice, ou=demo client, o=mycompany, l=site1, st=wll, c=nz

but after create csr , entry signed (i use "openssl ca") "o" , "l" reversed:

cn=alice, ou=demo client, l=site1, o=mycompany, st=wll, c=nz

are both subjects still considered same? or order important?

they may or may not same, depending on how subject distinguished name (dn) encoded in csr , certificate. dn defined x.501 type name. rfc 5280:

   name ::= choice { -- 1 possibility --      rdnsequence  rdnsequence }     rdnsequence ::= sequence of relativedistinguishedname     relativedistinguishedname ::=      set size (1..max) of attributetypeandvalue     attributetypeandvalue ::= sequence {      type     attributetype,      value    attributevalue }     attributetype ::= object identifier     attributevalue ::= -- defined attributetype

the distinguishednamematch rule defined in rfc 5280 section 7.1 (emphasis mine):

two naming attributes match if attribute types same , values of attributes exact match after processing string preparation algorithm. two relative distinguished names rdn1 , rdn2 match if have same number of naming attributes , each naming attribute in rdn1 there matching naming attribute in rdn2. 2 distinguished names dn1 , dn2 match if have same number of rdns, each rdn in dn1 there matching rdn in dn2, , matching rdns appear in same order in both dns. distinguished name dn1 within subtree defined distinguished name dn2 if dn1 contains @ least many rdns dn2, , dn1 , dn2 match when trailing rdns in dn1 ignored.

if organization (o) , location (l) attributes appear in same relative distinguished name set in subject dn of both csr , certificate, else being equal, dns equal. if in different rdns, order of rdns has been changed, making dns different.


Comments

Post a Comment

Popular posts from this blog

powershell Start-Process exit code -1073741502 when used with Credential from a windows service environment -

i'm running strange behavior powershell start-process call. here call: $process = start-process ` "c:\somepath\mybinary.exe" ` -passthru ` -credential $defaultcredential ` -wait ` -workingdirectory "c:\somepath" ` -loaduserprofile if ($process.exitcode -ne 0) { #do } this call return exit code - 1073741502 . after quick search, exit code seems related generic error when program not load required dll (aka. status_dll_init_failed ). when run without -credential $credential program runs correctly. in order isolate problem, manually launched some.exe in prompt target credential , runs smoothly. so problem seems come way start-process cmdlet launch process. i found potential solutions problem tried apply no luck : link , link . would have idea of what's going on here ? edit 1: run proc mon monitoring program activities when launched directly or via powershell script. problem seems occur when loading kernelbase
Read more

twig - Using Twigbridge in a Laravel 5.1 Package -

i'm trying create laravel 5.1 package uses twigbridge instead of .php views. can normal .php views display fine, when try make use of .twig templates i'm met error. possible use twigbridge templates when creating views laravel package or pretty stuck blade , php ? edit 1: loading twig template without extending works. it's when start using {% extends 'file' %} error comes out. i error error loading /virtual/laravel/packages/username/mypackage/src/views/sample.twig: template "templates.master" not defined () in "/virtual/laravel/packages/username/mypackage/src/views/sample.twig" @ line 1. my folders username |_ mypackage |_ src |_ controllers - samplecontroller.php |_ views |_ templates - master.twig - sample.twig twig template sample.twig {% extends 'templates.master' %} {% block content %} {{ parent()
Read more

c# - LINQ join Entities from HashSet's, Join vs Dictionary vs HashSet performance -

i have hashset's each stores t, have written test application compares different relation algorithms can think of, i'm not pleased results getting. does there exist more efficient ways of achieving object relations, once testing? using system; using system.collections.generic; using system.linq; using system.text; using system.threading.tasks; using system.diagnostics; namespace linqtests { class program { static void main(string[] args) { hashset<user> usertable = new hashset<user>(); hashset<userproperty> userpropertytable = new hashset<userproperty>(); #region lets create dummy data. console.writeline("please wait while creating dummy data, can take while..."); console.writeline(""); int rows = 1000000; for(int x = 0; x < rows; x++) { random rnd = new random(); // ad
Read more