I'm trying to use OpenSSL to generate a certificate signing request. I noticed that when going through the prompts, OpenSSL by default asks for "organizationName", and then later asks for "unstructuredName". The prompts for both indicate that the 'company name' should go in them.
The question is: why are we being asked twice? What is the difference between these 2 entries?
In my setup, I will be issuing CSRs on behalf of other companies - ie., these companies are asking me to get and instal the certificates for them. I am suspecting, therefore, that perhaps I should be putting my own company name in one of these fields, and the client's company in the other.
Can anyone clarify?
default_md. This option specifies the digest algorithm to use.
subjectAltName specifies additional subject identities, but for host names (and everything else defined for subjectAltName) : subjectAltName must always be used (RFC 3280 4.2. 1.7, 1. paragraph). CN is only evaluated if subjectAltName is not present and only for compatibility with old, non-compliant software.
The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings. Since there are a large number of options they will split up into various sections.
DESCRIPTION. This command primarily creates and processes certificate requests (CSRs) in PKCS#10 format. It can additionally create self-signed certificates for use as root CAs for example.
You may find this document useful.
In Section 5.2.2:
The interpretation of unstructured names is intended to be specified by certificate issuers etc.; no particular interpretation is required.
This field is part of the certificate request; The certificate issuer may look up this name or not. But this field will not appear in the resulting certificate, unlike organizationName.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With