
NOTE distinguished name representation in jsrsasign

Kenji Urushima edited this page Nov 19, 2016 · 27 revisions



jsrsasign uses the "OpenSSL oneline" format (e.g. /C=US/O=Test) as its string representation of X.500 directory names, which appear as the subject or issuer name of a certificate or as the server name of an OCSP responder or TSA.

There are two major representations of a distinguished name:

  • standard form (LDAP, RFC 1779, 2253 or 4514)

      • ex. CN=example.com,O=TEST,C=US

      • RDNs (relative distinguished names) are separated by ','

      • RDNs are shown in reverse order.

  • OpenSSL oneline form

      • ex. /C=US/O=TEST/CN=example.com

      • RDNs (relative distinguished names) are separated by '/'

      • RDNs are shown in non-reverse order.

      • Used by OpenSSL and OpenSSL-based web servers such as Apache and nginx.

The LDAP string representation of distinguished names has been fully supported since jsrsasign 6.2.2.

CONVERTERS

To convert from the LDAP to the OpenSSL oneline representation, use the X500Name.ldapToOneline static method.

KJUR.asn1.x509.X500Name.ldapToOneline("O=test,C=US") => /C=US/O=test

To convert from the OpenSSL oneline to the LDAP representation, use the X500Name.onelineToLdap static method.

KJUR.asn1.x509.X500Name.onelineToLdap("/C=US/O=test") => O=test,C=US
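Because the two forms differ in both separator and RDN order, a certificate subject taken from a web server variable or log cannot be compared as a raw string with the same name written in LDAP form. The following added example (not part of jsrsasign; the helper names are hypothetical) parses both forms into one ordered RDN list before comparing, and assumes single-valued RDNs with backslash-character escapes only (no hex escapes, no '+' multi-valued RDNs).

```javascript
// Added example: hypothetical helpers, not jsrsasign's implementation.
// Assumes single-valued RDNs and backslash-character escapes only.

// Split on an unescaped separator; a backslash protects the next character.
function splitUnescaped(s, sep) {
  const parts = [];
  let cur = "";
  for (let i = 0; i < s.length; i++) {
    if (s[i] === "\\" && i + 1 < s.length) {
      cur += s[i] + s[i + 1]; // keep the escape pair; parseRdn unescapes it
      i++;
    } else if (s[i] === sep) {
      parts.push(cur);
      cur = "";
    } else {
      cur += s[i];
    }
  }
  parts.push(cur);
  return parts;
}

// "TYPE=value" -> [TYPE, value], with escapes removed from the value.
function parseRdn(rdn) {
  const eq = rdn.indexOf("=");
  if (eq < 1) throw new Error("malformed RDN: " + rdn);
  return [rdn.slice(0, eq).trim().toUpperCase(),
          rdn.slice(eq + 1).replace(/\\(.)/g, "$1")];
}

// LDAP form lists RDNs in reverse order, so reverse into oneline order.
function parseLdap(dn) {
  return splitUnescaped(dn, ",").map(parseRdn).reverse();
}

// OpenSSL oneline form starts with "/" and is already in non-reverse order.
function parseOneline(dn) {
  if (dn[0] !== "/") throw new Error("oneline DN must start with '/'");
  return splitUnescaped(dn.slice(1), "/").map(parseRdn);
}

// Compare parsed DNs; attribute values are compared exactly (case-sensitive).
function sameDn(a, b) {
  return JSON.stringify(a) === JSON.stringify(b);
}

// Constructed sample: the same name in both forms, with an escaped comma.
const ldap = "CN=example.com,O=Example\\, Inc.,C=US";
const oneline = "/C=US/O=Example, Inc./CN=example.com";
console.log(sameDn(parseLdap(ldap), parseOneline(oneline))); // true
```

Comparing the parsed lists also rejects a name whose RDNs are written in the wrong order for its form, which a separator-only rewrite would not catch.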
