-
-
Notifications
You must be signed in to change notification settings - Fork 647
NOTE distinguished name representation in jsrsasign
TOP | Wiki | DOWNLOADS | TUTORIALS | API REFERENCE | Online Tool | DEMO | NODE TOOL
The 'jsrsasign' uses "OpenSSL compat" format (ex. /C=US/O=Test) for X.500 directory name string representation which is used in subject or issuer name of certificate, server name of OCSP or TSA.
(21-Jun-2020) I've misunderstood that DN like "/C=US/O=Test" is oneline format however it is 'compat' format
There are two major representation for it:
-
ex. CN=example.com,O=TEST,C=US
-
RDN(relative distinguished name) is separated by ','
-
RDNs are shown in reverse order.
OpenSSL compat form
-
ex. /C=US/O=TEST/CN=example.com
-
RDN(relative distinguished name) is separated by '/'
-
RDNs are shown in non-reverse order.
-
Used by OpenSSL and OpenSSL based web servers like Apache, nginx.
LDAP string representation for distinguished name is fully supported since jsrsasign 6.2.2.
dn = new KJUR.asn1.x509.X500Name({str: "/C=JP/O=Test/CN=john+E=john@example.com"}); // OpenSSL compat format(default)
dn = new KJUR.asn1.x509.X500Name({ldapstr: "CN=john+E=john@example.com,O=Test,C=JP"}); // LDAP(RFC 2253) format
To convert from LDAP to OpenSSL compat representation, X500Name.ldapToOneline static method can be used.
KJUR.asn1.x509.X500Name.ldapToOneline("O=test,C=US") => /C=US/O=test
To convert from OpenSSL online to LDAP representation, X500Name.onelineToLdap static method can be used.
KJUR.asn1.x509.X500Name.onelineToLdap("/C=US/O=test") => O=test,C=US