X500Principal Distinguished Name order

I’m using the Bouncy Castle lib to generate certificates from PKCS10 requests using the X509v3CertificateBuilder class.

Its build method returns an X509CertificateHolder object which contains the generated certificate. If I call getIssuer on the holder, it returns the issuer distinguished name in the correct order (the same returned if I call getSubjectX500Principal() on the issuer certificate). If I parse the encoded version from the holder using the Java CertificateFactory, the getIssuerX500Principal() method of the generated certificate returns the DN in the opposite order. What’s wrong?

Here is example code for what I’m trying to do:


Answer

Since I need to compare distinguished names, I resolved this by parsing the DN with the LdapName class and comparing the parsed RDNs:

User contributions licensed under: CC BY-SA
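An added example, not the answerer's code, of the RDN-based comparison the answer describes: it parses both DN strings with LdapName and reports whether the RDN sequences match in the same order, only in reversed order (a difference in how the string was rendered), or not at all. The class name `DnCompare`, the `Match` enum and the sample DNs are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class DnCompare {

    // Hypothetical result type: keeps "equal" and "equal but reversed" apart,
    // so the caller decides whether a reversed rendering is acceptable.
    enum Match { SAME_ORDER, REVERSED_ORDER, DIFFERENT }

    static Match compare(String dnA, String dnB) throws InvalidNameException {
        // LdapName parses RFC 2253 strings; Rdn.equals ignores case and
        // equivalent quoting or escaping of attribute types and values.
        List<Rdn> a = new LdapName(dnA).getRdns();
        List<Rdn> b = new LdapName(dnB).getRdns();
        if (a.equals(b)) {
            return Match.SAME_ORDER;
        }
        // Copy before reversing: the list returned by getRdns() is a view.
        List<Rdn> reversed = new ArrayList<>(b);
        Collections.reverse(reversed);
        return a.equals(reversed) ? Match.REVERSED_ORDER : Match.DIFFERENT;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample: the DN as X500Principal renders it (RFC 2253).
        String principalForm =
                new X500Principal("CN=Test CA,O=Example,C=US").getName();
        // Constructed sample: the same RDNs written in the opposite order,
        // as a library that prints them in encoding order would show them.
        String encodingOrderForm = "C=US,O=Example,CN=Test CA";

        System.out.println(compare(principalForm, encodingOrderForm));
        System.out.println(compare(principalForm, "cn=test ca, o=example, c=us"));
        System.out.println(compare(principalForm, "CN=Other CA,O=Example,C=US"));
    }
}
```

Accepting `REVERSED_ORDER` as a match is only appropriate when the two strings are known to come from different renderings of the same encoded name; when both certificates are available as X509Certificate objects, comparing the X500Principal objects with `equals` avoids string order altogether.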