Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual page 143

• Printable
• IA5String
• UniversalString
• BMPString
• UTF8String
For example, the DER-encoding ordered can be listed as follows:
X500Name.dirEncodingOrder=Printable,BMPString
To change the DirectoryString encoding, do the following:
1. Stop the Certificate Manager.
/etc/init.d/rhpki-ca stop
2. Open the /var/lib/rhpki-ca/conf/ directory.
3. Open the CS.cfg configuration file.
4. Add the encoding order to the configuration file.
For example, to specify two encoding values, PrintableString and UniversalString, and
the encoding order is PrintableString first and UniversalString next, add the following
line at the end of the configuration file:
X500Name.directoryStringEncodingOrder=PrintableString, UniversalString
5. Save the changes, and close the file.
6. Start the Certificate Manager.
/etc/init.d/rhpki-ca start
7. To verify that the encoding orders are in effect, enroll for a certificate using the manual enrollment
form. Use John_Doe for the cn.
8. Open the agent services page, and approve the request.
9. When the certificate is issued, use the dumpasn1 tool to examine the encoding of the certificate.
The dumpasn1 tool can be downloaded at
repoview/dumpasn1-0-20050404-1.fc4.html.
The cn component of the subject name should be encoded as a UniversalString.
10. Create and submit a new request using John Smith for the cn.
The cn component of the subject name should be encoded as a PrintableString.
http://fedoraproject.org/extras/4/i386/repodata/
Extending Attribute Support
123