Marcel Ammerlaan wrote:
> A second issue with interop testing I found is the issuer-name. In the test-certificate I use the state attribute is present. The .Net platform
> generates a message with the attribute 'ST=' whereas Java generates 'S='
> (or the other way round. I don't have the messages at hand right now).
> I saw some other issues regarding matching of the DN, but these were related to the order of the attributes. Is there any definitive workaround for this (apart from the hack I made..)

Having gone down this road over the warnings of people with more experience than myself, I can tell you that DN comparison is not a basis for reliable software. If you really want to do it, you need to work in OID land and turn the RDNs into logical pieces you can compare without regard for the short names.
-- Scott
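
An added example, not part of the original thread: one way to compare two string DNs by attribute OID rather than by short name, so that 'ST=' and 'S=' resolve to the same attribute type. The alias table, the function names and the rule that a reversed RDN order still counts as equal are assumptions of this sketch; the sample DNs in the test are constructed.

```python
import re
# Short names mapped to attribute-type OIDs (assumed table; extend as needed).
# "S" and "ST" both name stateOrProvinceName, the mismatch described above.
ALIASES = {"CN": "2.5.4.3", "C": "2.5.4.6", "L": "2.5.4.7", "O": "2.5.4.10",
           "OU": "2.5.4.11", "ST": "2.5.4.8", "S": "2.5.4.8"}

def _split(text, seps):
    """Split on separator chars that are neither backslash-escaped nor quoted."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def _norm_type(raw):
    t = raw.strip().upper().removeprefix("OID.")
    if re.fullmatch(r"\d+(\.\d+)+", t):
        return t
    return ALIASES[t]  # KeyError on an unknown short name: refuse to guess

def _norm_value(raw):
    v = raw.strip()
    if len(v) >= 2 and v[0] == v[-1] == '"':
        v = v[1:-1]
    v = re.sub(r"\\(.)", r"\1", v)  # single-char escapes only; hex pairs not decoded
    return re.sub(r"\s+", " ", v).casefold()  # rough stand-in for caseIgnoreMatch

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a frozenset of (oid, value)."""
    return [frozenset((_norm_type(t), _norm_value(v)) for t, _, v in
                      (ava.partition("=") for ava in _split(rdn, "+")))
            for rdn in _split(dn, ",;")]

def same_dn(a, b):
    """True if the RDN sequences match in the same or reversed order (assumption)."""
    x, y = parse_dn(a), parse_dn(b)
    return x == y or x == y[::-1]
```

Where the certificate itself is available, comparing the DER-encoded issuer Name avoids string parsing altogether; this sketch is for the case where only the rendered string is at hand.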