Hi David, Section 5.1 Examples of directory names. I believe domainComponent should be encoded as IA5String. The latest openssl and our RedHat Certificate system encodes domainComponent 'DC' as IA5String. Openssl 9.7c or older version encodes domainComponent as PrintableString. We had to convince RedHat folks to develop a patch for RedHat certificate system so that it would accept 'domainComponent' as PrintableString also. PrintableString is really a subset of IA5String, so if we change it IA5String that covers old style of encoding and new style of encoding. But if we keep it as PrintableString then the new certificates issued by DOEGrids are not covered here. I hope thats true for all other CAs. thanks dhiva ATF Team DOEGrids CA operators
David, I have now finally had time to go through the document and made only a few changes. And fixed a few bugs, like commonName cannot use IA5String as encoding. I used Word's change tracker.
http://www.grid-support.ac.uk/files/eugridpma-certprofile-20060814-0-6-jens....