DS 6: SSL certificate mapping with subject/issuer containing (")
Hello,
I got my personal test certificate from Verisgin, with an issuer: CN=VeriSign Class 1 Individual Subscriber CA - G2, OU=Persona Not Validated, OU=Terms of use at https://www.verisign.com/rpa (c)05, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
The subject of the certificate ends with: ...OU=Digital ID Class 1 - Netscape, OU=Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."
My certmap.conf looks like:
certmap VeriSign [issuerDN]
VeriSign:FilterCompscn
VeriSign:verifycerton
VeriSign:CmapLdapAttrcertSubjectDN
The question is what's the valid form of these strings containing (") in certmap.conf ([issuerDN]) to match the issuer and in certSubjectDN attribute - assuming it follows DirectoryString syntax. Note that they surround strings containing comma (,).
I see in logs:
conn=1 op=-1 msgId=-1 - SSL 128-bit RC4; client *OU=Digital ID Class 1 - Netscape,OU=Persona Not Validated,OU=\22www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98\22,OU=VeriSign Trust Network,O=\22VeriSign, Inc.\22; issuer CN=VeriSign Class 1 Individual Subscriber CA - G2,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=\22VeriSign, Inc.\22,C=US
I tested configuration against cert strings from logs, but they don't work. Strings containing (") also don't work.
Did anyone face the same issue?
Thanks for help in advance.
