BSP is rejecting subjectDN values that contain emailaddress


Certificates created with the openssl command line tool interactive prompts are not being interpreted correctly by BSP. Specifically, If you fill out the email prompt the resulting subjectDN is being misinterpreted by BSP.

For example, "C=US, ST=California, L=Berkeley, O=UC Berkeley - IST, OU=CTS, CN=Brian Wood/"

is read by BSP as ", CN=Brian Wood, OU=CTS, O=UC Berkeley - IST, L=Berkeley, ST=California, C=US"

This causes an exception during auth since the value expected and captured previously in Grouper for the subjectDN does not match that which BSP is passing to Grouper.


BSP 1.0


April 22, 2013, 9:21 PM

Will not fix. Workaround is to omit email address in generation of self-signed certificate. Cf. Configure Apache Web Server for Client Auth, section titled Generate a self-signed key with openssl.

Fernando Alvarez
November 9, 2012, 5:48 PM

Over to Keith for testing against bsp-dev using his cert and the values for voronoi app on Arche.

Won't Fix
Your pinned fields
Click on the next to a field label to start pinning.


Keith Hazelton


Fernando Alvarez