0

When I run 

   openssl x509 -noout -subject -in testcert.pem

, I get back the subject name as 

 subject= /L=Dream City/ST=CA/C=US/O=Test/OU=TEST_CG/CN=dream.test.com

Then I used OpenSSL to generate a .pfx file from the .pem and .crt files. Then used Windows Certificates add-in to import the .pfx file. After importing to a my machine (Windows 7), this is how the subject name appears.

subject= /L=Dream City/S=CA/C=US/O=Test/OU=TEST_CG/CN=dream.test.com

Does anyone know why the state is coded as "S" in windows import Vs "ST" in Linux machines?

dilsingi
  • 2,938
  • 14
  • 24
  • I'm guessing its a presentation detail difference between OpenSSL and Windows tools. Use the pkcs12 tool to dump PFX cert. It will likely use *`ST=...`*. State is an attribute with OID `2.5.4.8` and value `CA` in your example; there is no string `ST=CA`. Also see a RFC that covers Distinguished Names, like [RFC 4514](http://www.ietf.org/rfc/rfc4514.txt). – jww Jul 20 '16 at 06:13
  • You should probably avoid hostnames in the CN like *`CN=dream.test.com`*. For the reasons and some of the rules, see [How to create a self-signed certificate with openssl?](http://stackoverflow.com/a/27931596/608639) – jww Jul 20 '16 at 06:16
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Jul 20 '16 at 06:19
  • Thanks for the response @jww. This question came up while we are setting up SSL communication between database server & .NET application. Since the way "subject" decoding is differing we had to hard code the cert values in application. So its pretty much related to application development. – dilsingi Jul 20 '16 at 17:36

0 Answers0