On Fri, 21 Feb 2025 13:47:59 GMT, Matthew Donovan <mdono...@openjdk.org> wrote:
> The similarity between the certificate pairs is impressive! Just curious - > why the change in issuer and owner names? After looking into this some more, I found that `X500Name(String dname)` is expecting the string to be in the same order as RFC 1779, 2253, or 4514. If you give the constructor a "backwards" string, it will store and print it backwards. OpenSSL prints them backwards and I was using OpenSSL to print the hard-coded certificates and then just copying and pasting the strings. I changed the hard-coded DN strings to follow the RFC order. ------------- PR Comment: https://git.openjdk.org/jdk/pull/23700#issuecomment-2733572650
