DNs in Certificate Management System
Appendix
A
Distinguished Names
319
To change the DirectoryString encoding:
1.
Stop the Certificate Manager.
2.
Go to this directory:
<server_root>/cert-<instance_id>/config
3.
Open the configuration file,
CMS.cfg
, in a text editor.
4.
Add the encoding order to the configuration file.
For example, if you want to specify two encoding values,
PrintableString
and
UniversalString
, and the encoding order is
PrintableString
first and
UniversalString
next, you would add the following line at the end of the
configuration file:
X500Name.directoryStringEncodingOrder=PrintableString,
UniversalString
5.
Save your changes and close the file.
6.
To verify that the encoding order are in effect, enroll for a certificate using the
manual enrollment form. Use
“John_Doe”
for CN.
7.
Go to the agent interface and approve your request.
8.
When you receive the certificate, use the
dumpasn1
tool to examine the
encoding of the certificate. For details about the
dumpasn1
tool, see CMS
Command-Line Tools Guide.
The CN component of the subject name should be encoded as a
UniversalString
.
9.
Repeat Steps 6 through 8 above, but use
"John Smith
for CN this time.
The CN component of the subject name should be encoded as a
PrintableString.
Role of Distinguished Names in Certificates
In certificates issued by Certificate Management System, DNs are used to identify
the entity that owns the certificate. In all cases, if you are using Certificate
Management System with a directory, the format of the DNs in your certificates
should match the format of the DNs in your directory. It is not necessary that the
names match exactly; certificate mapping allows the subject DN in a certificate to
be different from the one in the directory. For more information, see Chapter 5,
“Mapper Plug-in Modules.”
Summary of Contents for Certificate Management System 6.0
Page 1: ...Plug Ins Guide Netscape Certificate Management System Version6 0 March 2002...
Page 10: ...10 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 62: ...Enrollment Forms 62 Netscape Certificate Management System Plug Ins Guide March 2002...
Page 308: ...NTEventLog Plug in Module 308 Netscape Certificate Management System Plug Ins Guide March 2002...