On Wed, Apr 3, 2024 at 5:24 AM Travis West via FreeIPA-users < [email protected]> wrote:
> > Hi, > > > > On Tue, Apr 2, 2024 at 8:50 PM Travis West via FreeIPA-users < > > freeipa-users(a)lists.fedorahosted.org> wrote: > > > > As Rob wrote, it's not a problem that getcert list, OpenssL and NSS > > libraries show the subject in a DN order (RFC2253) or DN reverse order, > but > > I find it suspect that issuer and subject have picked inconsistent order. > > In my f35 instance, getcert list shows the following: > > issuer: CN=Certificate Authority,O=IPA.TEST > > subject: CN=CA Subsystem,O=IPA.TEST > > > > I'm not sure I follow. My getcert list output looks like that, except the > CN and O are reversed in the Subject line > That's exactly my point. I would expect subject and issuer to display the components in the same order (ending with O=IPA.****.NET). The subject was provided to openssl req command, you can try to provide it in the reverse order. flo > > issuer: CN=Certificate Authority,O=IPA.****.NET > subject: O=IPA.****.NET,CN=OCSP Subsystem > > issuer: CN=Certificate Authority,O=IPA.****.NET > subject: O=IPA.****.NET,CN=CA Subsystem > > issuer: CN=Certificate Authority,O=IPA.****.NET > subject: O=IPA.****.NET,CN=CA Audit > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
