Hello,
recently we renewed our CA crt. Later we noticed the new CA certificate
uses different encoding in Issuer and Subject:
subject=
organizationName = UTF8STRING:INTGDC.COM
commonName = UTF8STRING:Certificate Authority
issuer=
organizationName = PRINTABLESTRING:INTGDC.COM
commonName = PRINTABLESTRING:Certificate Authority
The former CA certificate is PRINTABLESTRING in both fields, as well as all
the older certs.
Since the renewal we have issues with trusting newly issued certificates,
which also have different encoding in subject and issuer.
What should be the default (correct) encoding for the certificates?
According to the: http://www.freeipa.org/page/Troubleshooting seems it
should be UTF8
but from the certmonger:
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=e6ecd5d8df3413a9717c57ee7fb8702ece23afd6
seems PRINTABLESTRING is used.
How to fix? Do we need to re-new the CA certificate once again?
Thank you
Jan Orel
We run:
ipa-server-4.2.0-15.0.1.el7.centos.19.x86_64
certmonger-0.78.4-1.el7.x86_64
nuxwdog-1.0.3-4.el7_2.x86_64
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
