On Wed, Apr 3, 2024 at 5:24 AM Travis West via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hi,
On Tue, Apr 2, 2024 at 8:50 PM Travis West via FreeIPA-users < freeipa-users(a)lists.fedorahosted.org> wrote:
As Rob wrote, it's not a problem that getcert list, OpenSSL and NSS libraries show the subject in a DN order (RFC2253) or DN reverse order, but I find it suspect that issuer and subject have picked inconsistent order. In my f35 instance, getcert list shows the following:
issuer: CN=Certificate Authority,O=IPA.TEST
subject: CN=CA Subsystem,O=IPA.TEST
I'm not sure I follow. My getcert list output looks like that, except the CN and O are reversed in the Subject line.
That's exactly my point. I would expect subject and issuer to display the components in the same order (ending with O=IPA.****.NET). The subject was provided to the openssl req command; you can try to provide it in the reverse order.
flo
issuer: CN=Certificate Authority,O=IPA.****.NET
subject: O=IPA.****.NET,CN=OCSP Subsystem

issuer: CN=Certificate Authority,O=IPA.****.NET
subject: O=IPA.****.NET,CN=CA Subsystem

issuer: CN=Certificate Authority,O=IPA.****.NET
subject: O=IPA.****.NET,CN=CA Audit
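
As an added illustration that is not part of the thread: a small Python check that reads `issuer:` / `subject:` lines in the form quoted above and reports the pairs whose components are displayed in different orders. The function names and the sample text are constructed for this example, and it compares only the displayed strings, not the name as encoded in the certificate.

```python
import re

# Constructed sample in the issuer:/subject: form quoted in the thread.
SAMPLE = """\
    issuer: CN=Certificate Authority,O=IPA.TEST
    subject: CN=CA Subsystem,O=IPA.TEST
    issuer: CN=Certificate Authority,O=IPA.TEST
    subject: O=IPA.TEST,CN=OCSP Subsystem
"""

def split_rdns(dn):
    """Split a DN string on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r'(?<!\\),', dn) if p.strip()]

def display_order(dn):
    """'rfc2253' if the O= component is displayed last (CN=...,O=...),
    'reversed' if it is displayed first, 'unknown' otherwise."""
    types = [rdn.split('=', 1)[0].strip().upper() for rdn in split_rdns(dn)]
    if len(types) < 2 or 'O' not in types:
        return 'unknown'
    if types[-1] == 'O':
        return 'rfc2253'
    if types[0] == 'O':
        return 'reversed'
    return 'unknown'

def find_mismatches(text):
    """Pair each issuer: line with the next subject: line and return the
    (issuer, subject) pairs whose display orders are both known and differ."""
    mismatches, issuer = [], None
    for line in text.splitlines():
        key, _, value = line.strip().partition(':')
        key, value = key.strip().lower(), value.strip()
        if key == 'issuer':
            issuer = value
        elif key == 'subject' and issuer is not None:
            orders = {display_order(issuer), display_order(value)}
            if orders == {'rfc2253', 'reversed'}:
                mismatches.append((issuer, value))
            issuer = None
    return mismatches

if __name__ == '__main__':
    for issuer, subject in find_mismatches(SAMPLE):
        print('inconsistent order:', issuer, '|', subject)
```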