Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share

x509 - Certificate subject X.509

According to X.509, a certificate has a subject attribute.

C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft,
CN=www.freesoft.org/[email protected]

This is the typical subject value. The question is: what are the types (or tags) of those attributes (C, ST, L, O, OU, CN), and what is their format?


1 Answer


IETF PKIX (latest version RFC 5280) is a well-accepted profile for certificates. From section 4.1.2.4, the following fields must be supported (between parentheses I've added the OpenSSL long name and optional short name):

  • country (countryName, C),
  • organization (organizationName, O),
  • organizational unit (organizationalUnitName, OU),
  • distinguished name qualifier (dnQualifier),
  • state or province name (stateOrProvinceName, ST),
  • common name (commonName, CN) and
  • serial number (serialNumber).

There's also a list of elements that should be supported:

  • locality (locality, L),
  • title (title),
  • surname (surName, SN),
  • given name (givenName, GN),
  • initials (initials),
  • pseudonym (pseudonym) and
  • generation qualifier (generationQualifier).

Values should be encoded in UTF8String or PrintableString (some of them only in PrintableString, and some exceptions in IA5String). The standard also has a maximum length for all field types (Appendix A.1).

For reasons of compatibility, implementations must also support domain components (domainComponent, DC) encoded in IA5String. Attention is drawn to email (emailAddress) and its encoding (IA5String), but it's considered deprecated in DNs (it should be in the Subject Alternative Name extension).
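The question asks what the type and format of each subject attribute are. As an added example (not part of the original answer), this Python sketch walks a DER-encoded Name and shows that each attribute type is an OID and each value carries its own ASN.1 string tag. The sample subject and the helper names (`tlv`, `children`, `parse_name`) are constructed for illustration.

```python
# Added example, not from the original answer: walk a DER-encoded X.509 Name and
# report each attribute's type (an OID) and the ASN.1 string tag of its value.
# Sketch limits: short-form lengths (< 128 bytes) and single-byte tags only.
OIDS = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST",
        "2.5.4.10": "O", "2.5.4.11": "OU", "1.2.840.113549.1.9.1": "emailAddress"}
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}

def tlv(tag, body):
    assert len(body) < 128, "short-form length only"
    return bytes([tag, len(body)]) + body

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0   # first byte packs two arcs
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)              # base-128, high bit = more follows
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def children(buf, expect=None):
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
            raise ValueError("truncated or long-form length")
        tag, end = buf[pos], pos + 2 + buf[pos + 1]
        if end > len(buf) or (expect is not None and tag != expect):
            raise ValueError("bad length or unexpected tag 0x%02x" % tag)
        yield tag, buf[pos + 2:end]
        pos = end

def parse_name(der):
    out = []
    for _, rdns in children(der, 0x30):            # Name: SEQUENCE OF RDN
        for _, rdn in children(rdns, 0x31):        # RDN: SET OF AttributeTypeAndValue
            for _, atv in children(rdn, 0x30):     # SEQUENCE { type OID, value }
                (_, oid), (vtag, val) = children(atv)
                name = decode_oid(oid)
                out.append((OIDS.get(name, name), STRING_TAGS.get(vtag, hex(vtag)),
                            val.decode("utf-8")))
    return out

# Constructed sample subject: (DER OID body in hex, value tag, value).
SAMPLE = [("550406", 0x13, "US"), ("550408", 0x0C, "Maryland"),
          ("55040a", 0x0C, "Example"), ("550403", 0x0C, "www.example.org"),
          ("2a864886f70d010901", 0x16, "admin@example.org")]
NAME_DER = tlv(0x30, b"".join(
    tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex(o)) + tlv(t, v.encode())))
    for o, t, v in SAMPLE))
```

Calling `parse_name(NAME_DER)` returns one `(attribute, string type, value)` tuple per RDN, in subject order.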

