• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

getIssuerX500Principal().getName() returns wired name

Fahim Farook
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1) I'm retrieving the issuer of a X509Certificate as follows.

cert.toString() shows the issuer as:
EMAILADDRESS=root@someperson, CN=someCommonName, OU=SomeOrganizationalUnit, O=SomeOrganization, L=SomeCity, ST=SomeState, C=--

However cert.getIssuerX500Principal().getName() returns the following:
1.2.<SOME DIGITS>=#<SOME DIGITS>,CN=someCommonName,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=--

However if I used cert.getIssuerX500Principal().getName("RFC1779"), it will return the issuer correctly (i.e. with root@someperson ).
Can anyone please explain whether it is correct to use cert.getIssuerX500Principal().getName("RFC1779") for retrieving issuer from X509Certifcate since RFC 2253 obsoletes RFC 1779.

2) I noticed that if the Organization is something like "{SOME DIGITS}" (i.e. self signed certificates), getIssuerX500Principal().getName() returns something like the following.
O=|0|{|0|7|0|E|0|F|0|2|0|B|0|1| ....

And still getIssuerX500Principal().getName("RFC1779") returns it correctly. Can anyone explain why is that and whats the workaround?

3) In case issuer name contains null bytes in between, what is the expected behavior of getIssuerX500Principal().getName() ?
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic