Closed diogomonica closed 13 years ago
I'll update this later tonight most likely. I'm all for sticking to conventions.
I'm just including this in case someone else finds this issue, but the ordering referenced is really an OpenSSL convention as opposed to a strict ordering of X.500 DistinguishedName elements. From RFC 3280:
4.1.2.4 Issuer
The issuer field identifies the entity who has signed and issued the
certificate. The issuer field MUST contain a non-empty distinguished
name (DN). The issuer field is defined as the X.501 type Name
[X.501]. Name is defined by the following ASN.1 structures:
    Name ::= CHOICE {
      RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::=
      SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
      type     AttributeType,
      value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType
I committed https://github.com/cchandler/certificate_authority/commit/60af2620f17274537f8c32d832468f145c581b92 and this should correct the issue.
On distinguished_name you have:
    name = OpenSSL::X509::Name.new
    name.add_entry("CN", common_name)
    name.add_entry("O", organization) unless organization.blank?
    name.add_entry("OU", common_name) unless organizational_unit.blank?
    name.add_entry("S", common_name) unless state.blank?
    name.add_entry("L", common_name) unless locality.blank?
My code is currently working like this:
    name = OpenSSL::X509::Name.new
    name.add_entry("CN", common_name)
    name.add_entry("O", organization) unless organization.blank?
    name.add_entry("OU", organizational_unit) unless organizational_unit.blank?
    name.add_entry("ST", state) unless state.blank?
    name.add_entry("L", locality) unless locality.blank?
    name.add_entry("C", country) unless country.blank?
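The check below is an added example, not code from the issue or from the certificate_authority gem. It builds the subject in the order of the second snippet, flags any attribute whose value differs from the intended field (the OU/state/locality mix-up in the first snippet), and shows that reordering the same attributes yields a different DER-encoded name. The helper names and the sample values are assumptions made for illustration.

```ruby
require "openssl"

# Attribute order copied from the issue's working snippet (a convention, not an X.500 rule).
ORDER = %w[CN O OU ST L C].freeze

# Constructed sample subject fields, keyed by OpenSSL short name.
SAMPLE = { "CN" => "example.test", "O" => "Example Org", "OU" => "Ops",
           "ST" => "California", "L" => "San Francisco", "C" => "US" }.freeze

# Build a Name from a hash, skipping nil or whitespace-only values
# (plain-Ruby stand-in for ActiveSupport's blank?).
def build_subject(fields, order = ORDER)
  name = OpenSSL::X509::Name.new
  order.each do |short|
    value = fields[short]
    next if value.nil? || value.strip.empty?
    name.add_entry(short, value)
  end
  name
end

# [[short_name, value], ...] in the order the RDNs are encoded.
def dn_pairs(name)
  name.to_a.map { |short, value, _type| [short, value] }
end

# Attributes whose encoded value is not the value intended for that field.
def mismatches(name, fields)
  dn_pairs(name).reject { |short, value| fields[short] == value }
end

# Reproduces one line of the first snippet: OU filled with the common name.
def ou_bug_name(fields)
  name = OpenSSL::X509::Name.new
  name.add_entry("CN", fields["CN"])
  name.add_entry("OU", fields["CN"])
  name
end

if __FILE__ == $PROGRAM_NAME
  good = build_subject(SAMPLE)
  puts good.to_s
  puts "mismatches in buggy name: #{mismatches(ou_bug_name(SAMPLE), SAMPLE).inspect}"
  reordered = build_subject(SAMPLE, ORDER.reverse)
  puts "same DER after reordering? #{good.to_der == reordered.to_der}"
end
```
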