recently we renewed our CA crt. Later we noticed the new CA certificate
uses different encoding in Issuer and Subject:
organizationName = UTF8STRING:INTGDC.COM
commonName = UTF8STRING:Certificate Authority
organizationName = PRINTABLESTRING:INTGDC.COM
commonName = PRINTABLESTRING:Certificate Authority
The former CA certificate is PRINTABLESTRING in both fields, as well as all
the older certs.
Since the renewal we have issues with trusting newly issued certificates,
which also have different encoding in subject and issuer.
What should be the default (correct) encoding for the certificates?
According to the: http://www.freeipa.org/page/Troubleshooting seems it
should be UTF8
but from the certmonger:
seems PRINTABLESTRING is used.
How to fix? Do we need to re-new the CA certificate once again?
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project