证书主题X.509 [英] Certificate subject X.509
问题描述
根据X.509,证书具有属性主题。
According to the X.509, a certificate has an attribute subject.
C=US, ST=Maryland, L=Pasadena, O=Brent Baccala, OU=FreeSoft,
CN=www.freesoft.org/emailAddress=baccala@freesoft.org
这是典型的主题值。问题是这些属性(C,ST,L,O,OU,CN)的类型(或标签)是什么,它们的格式是什么?
This is the typical subject value. The question is what are the types(or tags) of those attributes(C, ST, L, O, OU, CN) and what is their format?
推荐答案
IETF PKIX(最新版本 RFC 5280 )是公认的证书资料。从4.1.2.4节,必须支持以下字段(我在括号之间添加了OpenSSL长和可选短名称):
IETF PKIX (latest version RFC 5280) is a well accepted profile for certificates. From section 4.1.2.4, the following fields must be supported (I've added between parenthesis is the OpenSSL long and optional short name):
- country(countryName,C),
- 机构单位(organizationalUnitName,OU),
- b $ b
- 辨别名称限定符(dnQualifier),
- 州或省名称(stateOrProvinceName,ST),
- CN)和
- 序列号(serialNumber)。
- country (countryName, C),
- organization (organizationName, O),
- organizational unit (organizationalUnitName, OU),
- distinguished name qualifier (dnQualifier),
- state or province name (stateOrProvinceName, ST),
- common name (commonName, CN) and
- serial number (serialNumber).
应支持:
- locality(locality,L),
- / li>
- 姓氏(姓氏,SN),
- 给定名称(givenName,GN),
- ),
- 假名(假名)和
- 生成限定符(generationQualifier)。
- locality (locality, L),
- title (title),
- surname (surName, SN),
- given name (givenName, GN),
- initials (initials),
- pseudonym (pseudonym) and
- generation qualifier (generationQualifier).
值应该以UTF8String或PrintableString(其中一些仅在PrintableString中,并且在IA5String中有一些异常)编码。该标准还有所有字段类型的最大长度(附录A.1)
Values should be encoded in UTF8String or PrintableString (some of them only in PrintableString, and some exceptions in IA5String). The standard also has a maximum length for all field types (Appendix A.1)
为了兼容性的原因,实现还必须支持域组件(domainComponent,DC) IA5String。请注意电子邮件(emailAddress)及其编码(IA5String,但在DN中被视为已弃用(应在主题备用名称扩展中)。
For reasons of compatibility, implementations must also support domain components (domainComponent, DC) encoded in IA5String. Attention is drawn to email (emailAddress) and its encoding (IA5String, but it's considered deprecated in DNs (it should be in Subject Alternative Name extension).
这篇关于证书主题X.509的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
