The surname subject attribute of a certificate is shorten by GSS as "SN". However, bouncycastle transform "SN" into "SERIALNUMBER" during X509 generation. At the end the subject in the certificate database object and in the X509 certificate is different.
It does not cause any trouble, expect while importing a certificate into GSS (CA mapping action) or trying to find a X509 certificate based on its GSS' subject.
The certificate subject must be created using the long attribute version : ie "SURNAME" instead of "SN".
It may also be interesting to replace all previous ",SN=" substring by ",SERIALNUMBER=" in order certificate db objects match with their X509.
It does not cause any trouble, expect while importing a certificate into GSS (CA mapping action) or trying to find a X509 certificate based on its GSS' subject.
The certificate subject must be created using the long attribute version : ie "SURNAME" instead of "SN".
It may also be interesting to replace all previous ",SN=" substring by ",SERIALNUMBER=" in order certificate db objects match with their X509.
- is cloned by
-
GSS-528 E subject attribute is interpreted by bouncycastle as EMAILADDRESS
-
- Open
-