#62 Different "Subject" interpretation with NSS/OpenSSL in CSR
Opened 3 years ago by stlaz. Modified 3 years ago

When Certmonger generates CSRs, it uses different "Subject" field interpretation based on where the final certificate should be stored:

  • If the storage is in file, it uses OpenSSL backend which uses direct X509 "Subject" representation (CN=IPA RA, O=EXAMPLE.DOM ===> CN=IPA RA, O=EXAMPLE.DOM).
  • If the storage is an NSS database, NSS backend is used which gets the received template subject and reverts its componends to get the LDAP representation of "Subject" (CN=IPA RA, O=EXAMPLE.DOM ===> O=EXAMPLE.DOM, CN=IPA RA).

This leads to great confusion when user decides just to change the storage of their certificates from a point on.

Metadata Update from @stlaz:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

3 years ago

Login to comment on this ticket.