I’m trying to create a certificate request with a multivalue RDN which involves CN+UID. I achieved the encoded multi-value RDN, but I want the UID being encoded first and then the CN. I always get the CN first, no matter what I put in the -subj “/CN=value+UID=value” or “/UID=value+CN=value”. Changing the cnf [policy matching] entries switching the order of the CN=provided and UID=provided doesn’t have any impact either. However, if I use CN+serialNumber, I can change the encoding order successfully by changing the -subj between “/CN=value+serialNumber=value” or “/SerialNumber=value+CN=value”. This is the output of mycsr.csr ANS.1 decoder for the multivalue RDN in the case of the UID: SET (2 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component) UTF8String John Doe SEQUENCE (2 elem) OBJECT IDENTIFIER 0.9.2342.19200300.100.1.1 userID (Some oddball X.500 attribute collection) UTF8String 12345567890 I want to obtain the same behavior I get for the serial number: SET (2 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.5 serialNumber (X.520 DN component) PrintableString 1234567890 SEQUENCE (2 elem) OBJECT IDENTIFIER 2.5.4.3 commonName (X.520 DN component) UTF8String John Doe Any thoughts, Thanks in Advance, Alberto Martin |
