On 6/18/20 9:12 AM, Williams, Gareth wrote: > I can successfully add a multi-value RDN to the Subject of a > certificate request using the + format in the config file: > [..] > However, if I add a SAN to the request: > [..] > the resulting request has them as separate RDNs (as if the + is not > noticed). Probably not the answer you were expecting: In general multi-valued RDNs are a can of worms. Even if you solve this particular step within OpenSSL you might run into many more issues with other components using the certs. => I'd strongly recommend to avoid multi-valued RDNs. Sometimes people want to make the subject DN unique by adding attributes to the RDN. But those attribute values would have to be unique in a certain scope anyway to achieve that. C (country ISO code) does not look like a good candiate for that. Or did you just use that as demo example? Ciao, Michael.
