Thank you Nicolas for the very clear and detailed answer, I really appreciate it.
Unfortunately it didn't save me ;o( Is it really not possible to put more than 64 characters in the O= field?

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf
> Of Nicolas MASSÉ
> Sent: Monday, July 24, 2006 1:45 PM
> To: Ideas, tips and discussions about OpenCA installation and
> management.
> Subject: Re: [Openca-Users] two O= in DN (O=AAA,O=BBB or
> O=AAA+O=BBB ???)
>
> On Friday 21 July 2006 08:36, Dmitrij Mironov wrote:
> > Hi, it's me again.
>
> Hello,
>
> > One more question - can I put organization name in two O fields and how?
> > This decision to split long organization name to two fields looks ugly
> > for me, but this can help.
> >
> > While I'm editing request in RA interface, I can fill two O= fields
> > vertically or horizontally.
> >
> > In horizontal variant I get DN like this :
> >
> > [EMAIL PROTECTED],CN=Test CName,OU=Internet,O=Very long Organization name 1+O=Very long Organization name 2,C=LT
> >
> > In vertical :
> >
> > [EMAIL PROTECTED],CN=Test CName,OU=Internet,O=Very long Organization name 1,O=Very long Organization name 2,C=LT
> >
> > But works only vertical with period between O= fields. "Works" means
> > that after approving, transferring to CA in issuing certificate I see
> > two O= only in "vertical" variant. In "horizontal" I got certificate
> > with O=Very long Organization name 2 , so first O= somehow somewhere is missed.
> >
> > Anybody knows why OpenCA can't issue certificate with two O= fields
> > with + (plus) sign between them and what's the meaning of this plus at all?
> >
>
> The DN in x509 certificates comes from the X500 directories
> (the ancestor of LDAP). It is a means to find an entry in a
> directory (= a tree).
>
> If a DN is : "OU=foo1,O=foo2,C=foo3" it means that you have a
> node "C=foo3" under the root and under this node, you have another node
> ("O=foo2") and under this node, you have another node ("OU=foo1").
> A comma (",") in a DN separates two levels in a tree.
>
> All sub-nodes under a node must have a unique RDN : it's
> impossible to have a second node "O=foo2" under "C=foo3" but
> if you have a node "C=foo4" you can have a sub-node "O=foo2"
> under it. (Draw the tree, it will be easier to understand)
>
> If you have two organizations with the same name in the same
> country, you can't put them in the same directory unless you
> use the "+" separator.
>
> If those two organizations are in different cities, you can
> use a DN like this :
>
> o=myCorp+city=aCity,c=US
>
> and for the other org :
>
> o=myCorp+city=anotherCity,c=US
>
> If you want to read more about that, take a look at :
> http://safari.oreilly.com/020178792X
>
> > Regards,
> >
> > Dmitrij
>
> --
> Nicolas MASSÉ
> To retrieve my GPG key:
> gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 0x2A18C433
> Key fingerprint: 6621 FC23 5DC7 54BA B952 316A 50B1 BC3F 2A18 C433

_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
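The following is an added example, not part of the thread and not OpenCA code. It parses a DN string into tree levels (RDNs separated by ",") and the values inside each level (joined by "+"), then flags values over the length bounds and an attribute type repeated inside one RDN, the form that lost a value in the thread. It assumes the `ub-*` upper bounds from RFC 5280 Appendix A; the sample DNs are constructed from the two variants above with the e-mail component left out.

```python
# Added example, not OpenCA code. Upper bounds are the ub-* constants from
# RFC 5280 Appendix A (e.g. ub-organization-name = 64).
UPPER_BOUNDS = {"C": 2, "O": 64, "OU": 64, "CN": 64, "L": 128, "ST": 128}


def split_unescaped(text, sep):
    """Split on sep, skipping backslash-escaped characters (no quoted values)."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]  # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i]
        i += 1
    parts.append(cur)
    return parts


def parse_dn(dn):
    """Return a list of RDNs (tree levels); each is a list of (type, value)."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        avas = []
        for ava in split_unescaped(rdn, "+"):
            typ, _, val = ava.strip().partition("=")
            avas.append((typ.strip().upper(), val.strip()))
        rdns.append(avas)
    return rdns


def check_dn(dn):
    """Report over-length values and attribute types repeated inside one RDN."""
    findings = []
    for level, rdn in enumerate(parse_dn(dn)):
        types = [t for t, _ in rdn]
        for t in sorted(set(types)):
            if types.count(t) > 1:
                findings.append(f"RDN {level}: {t} repeated in one multi-valued RDN")
        for t, v in rdn:
            limit = UPPER_BOUNDS.get(t)
            if limit is not None and len(v) > limit:
                findings.append(f"RDN {level}: {t} is {len(v)} chars, limit {limit}")
    return findings


# Constructed sample DNs modelled on the two variants in the thread.
HORIZONTAL = "CN=Test CName,OU=Internet,O=Very long Organization name 1+O=Very long Organization name 2,C=LT"
VERTICAL = "CN=Test CName,OU=Internet,O=Very long Organization name 1,O=Very long Organization name 2,C=LT"
```

Running `check_dn` on a request DN before approval shows whether a long organization name exceeds the bound or whether two values ended up in the same RDN instead of on separate levels.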
