Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

OpenSSL: what is the difference between organizationName and unstructuredName?

Tags:

openssl

I'm trying to use OpenSSL to generate a certificate signing request. I noticed that when going through the prompts, OpenSSL by default asks for "organizationName", and then later asks for "unstructuredName". The prompts for both indicate that the 'company name' should go in them.

The question is: why are we being asked twice? What is the difference between these 2 entries?

In my setup, I will be issuing CSRs on behalf of other companies - ie., these companies are asking me to get and instal the certificates for them. I am suspecting, therefore, that perhaps I should be putting my own company name in one of these fields, and the client's company in the other.

Can anyone clarify?

like image 612
Lux Logica Avatar asked Sep 10 '13 05:09

Lux Logica

People also ask

What is Default_md?

default_md. This option specifies the digest algorithm to use.

What is subjectAltName OpenSSL?

subjectAltName specifies additional subject identities, but for host names (and everything else defined for subjectAltName) : subjectAltName must always be used (RFC 3280 4.2. 1.7, 1. paragraph). CN is only evaluated if subjectAltName is not present and only for compatibility with old, non-compliant software.

What does OpenSSL x509 do?

The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings. Since there are a large number of options they will split up into various sections.

What is OpenSSL req command?

DESCRIPTION. This command primarily creates and processes certificate requests (CSRs) in PKCS#10 format. It can additionally create self-signed certificates for use as root CAs for example.

1 Answers

You may find this document useful.

In Section 5.2.2:

The interpretation of unstructured names is intended to be specified by certificate issuers etc.; no particular interpretation is required.

This field is part of the certificate request; The certificate issuer may look up this name or not. But this field will not appear in the resulting certificate, unlike organizationName.

like image 53
onemouth Avatar answered Jan 02 '23 13:01

onemouth
Sign in to Comment

Related questions

openssl how to check server name indication (SNI)
Cannot reach SSL IP when in docker container over bridge. Getting SSL_ERROR_SYSCALL
relocation R_X86_64_32 against a local symbol' error
OpenSSL Verify Peer (Client) Certificate in C++
TLS Handshake message parsing
PHP openssl_public_encrypt causing Page Timeout/Connection Reset?
OpenSSL certificate revocation check in client program using OCSP stapling
How to generate CSR for SSL that works with Nginx & Apache?
How to change the passphrase of a private key using PHP's OpenSSL module?
How to use SSL_CERT_FILE for OpenSSL Windows (OpenSSL 1.0.1c)
Why can't I make "OpenSSL with Ruby" and "Command line OpenSSL" interoperable?
How can I create a Certificate Signing Request (CSR) from an existing public key of a key pair (assuming the private key is in a safe spot elsewhere)?
PKCS#11 engine does not work in openssl on centos 6
Some elliptic curves in openssl give "no shared cipher" errors
AES CTR 256 Encryption Mode of operation on OpenSSL
openssl fails to produce a pfx with a valid alias
Add static library to podspec
Can't find the openssl.cnf file on my mac
OpenSSL 1.0.2m on macOS
How do I get an ECDSA public key from just a Bitcoin signature? ... SEC1 4.1.6 key recovery for curves over (mod p)-fields

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!