Certificates created with the openssl command line tool interactive prompts are not being interpreted correctly by BSP. Specifically, If you fill out the email prompt the resulting subjectDN is being misinterpreted by BSP.
For example, "C=US, ST=California, L=Berkeley, O=UC Berkeley - IST, OU=CTS, CN=Brian Wood/emailAddressemail@example.com"
is read by BSP as "EMAILADDRESSfirstname.lastname@example.org, CN=Brian Wood, OU=CTS, O=UC Berkeley - IST, L=Berkeley, ST=California, C=US"
This causes an exception during auth since the value expected and captured previously in Grouper for the subjectDN does not match that which BSP is passing to Grouper.