On Friday 21 July 2006 08:36, Dmitrij Mironov wrote: > Hi, it's me again.
Hello,
> One more question - can I put organization name in two O fields and how?
> This decision to split long organization name to two fields looks ugly for
> me, but this can help.
>
> While I'm editing request in RA interface, I can fill two O= fields
> vertically or horisontally.
>
> In horisontal variant I get DN like this :
>
> [EMAIL PROTECTED],CN=Test CName,OU=Internet,O=Very long
> Organization name 1+O=Very long Organization name 2,C=LT
>
> In vertical :
>
> [EMAIL PROTECTED],CN=Test CName,OU=Internet,O=Very long
> Organization name 1,O=Very long Organization name 2,C=LT
>
> But works only verltical with period between O= fields. "Works" means what
> after approving, transfering to CA in issuing certificate I see two O= only
> in "vertical" variant. In "horizonal" I got certificate with O=Very long
> Organization name 2 , so first O= somehow somewhere is missed.
>
> Anybody knows why OpenCA cant issue certificate with two O= fields with +
> (plus) sign between them and whats the meaning of this plus at all?
>
The DN in x509 certificates come from the X500 directories (the ancestor of
LDAP). It is a means to find an entry in a directory (= a tree).
If a DN is : "OU=foo1,O=foo2,C=foo3" it means that you have a node "C=foo3"
under the root and under this node, you have another node ("O=foo2") and
under this node, you have another node ("OU=foo1"). A coma (",") in a DN
separate two levels in a tree.
All sub-nodes under a node must have a unique RDN : it's impossible to have a
second node "O=foo2" under "C=foo3" but if you have a node "C=foo4" you can
have a sub-node "O=foo2" under it. (Draw the tree, it will be easier to
understand)
If you have two organizations with the same name in the same country, you
can't put them in the same directory unless you use the "+" separator.
If those two organizations are in different cities, you can use a DN like
this :
o=myCorp+city=aCity,c=US
and for the other org :
o=myCorp+city=anotherCity,c=US
If you want to read more about that, take a look at :
http://safari.oreilly.com/020178792X
> Regards,
>
> Dmitrij
--
Nicolas MASSÉ
Pour récupérer ma clef GPG:
gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 0x2A18C433
Key fingerprint: 6621 FC23 5DC7 54BA B952 316A 50B1 BC3F 2A18 C433
pgpJjcFvokBy0.pgp
Description: PGP signature
------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
