[caops-wg] [igtf-general] Re: Certificate Profile document, update v0.5
Dhiva
dhiva at es.net
Tue Sep 12 14:00:55 CDT 2006
Hi David,
Section 5.1 Examples of directory names.
I believe domainComponent should be encoded as IA5String.
The latest openssl and our RedHat Certificate system encodes
domainComponent 'DC' as IA5String.
Openssl 9.7c or older version encodes domainComponent as PrintableString.
We had to convince RedHat folks to develop a patch for RedHat
certificate system so that it would accept 'domainComponent' as
PrintableString also.
PrintableString is really a subset of IA5String, so if we change it
IA5String that covers old style of encoding and new style of encoding.
But if we keep it as PrintableString then the new certificates issued by
DOEGrids are not covered here. I hope thats true for all other CAs.
thanks
dhiva
ATF Team
DOEGrids CA operators
>
>> David, I have now finally had time to go through the document
>> and made only a few changes. And fixed a few bugs, like commonName
>> cannot use IA5String as encoding. I used Word's change tracker.
>>
>> http://www.grid-support.ac.uk/files/eugridpma-certprofile-20060814-0-6-jens.doc
>>
>
>
>
More information about the caops-wg
mailing list