Customizing The Subject Dn In A Certificate Request Issued By An Ra - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

X500Name.dirEncodingOrder=Printable,BMPString
To change the DirectoryString encoding, do the following:
1. Stop the Certificate Manager.
service pki-ca stop
2. Open the /var/lib/pki-ca/conf/ directory.
3. Open the CS.cfg configuration file.
4. Add the encoding order to the configuration file.
For example, to specify two encoding values, PrintableString and UniversalString, and
the encoding order is PrintableString first and UniversalString next, add the following
line at the end of the configuration file:
X500Name.directoryStringEncodingOrder=PrintableString, UniversalString
5. Save the changes, and close the file.
6. Start the Certificate Manager.
service pki-ca start
7. To verify that the encoding orders are in effect, enroll for a certificate using the manual enrollment
form. Use John_Doe for the cn.
8. Open the agent services page, and approve the request.
9. When the certificate is issued, use the dumpasn1 tool to examine the encoding of the certificate.
The dumpasn1 tool can be downloaded at
repoview/dumpasn1-0-20050404-1.fc4.html.
The cn component of the subject name should be encoded as a UniversalString.
10. Create and submit a new request using John Smith for the cn.
The cn component of the subject name should be encoded as a PrintableString.
2.7.3. Customizing the Subject DN in a Certificate Request Issued
by an RA
By default, the DN is taken from the input provided by the user on the User Enrollment page,
specifically "UID" and "Your Email." For example, "UID=yourUID, E=youremail@example.com". You
can customize the DN by editing the user.vm file for the RA.

Customizing the Subject DN in a Certificate Request Issued by an RA

http://fedoraproject.org/extras/4/i386/repodata/
67