December 9, 2014

x509 certificate subject name and OID

In an X.509 certificate, there is always a subject name like the following:

$ openssl x509 -in user-cert.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1373122324 (0x51d82f14)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=CA
        Validity
            Not Before: Jul  6 14:52:05 2013 GMT
            Not After : May 15 14:52:05 2023 GMT
        Subject: UID=test,CN=A user

Inside the subject line, there can be multiple subparts, such as CN=xxx, DC=xxxx, UID=xxx, OU=xxx, C=xxx, ... Each subpart is represented in the certificate as an OID that is globally unique and registered with IETF. For example, the OID of CN is 2.5.4.3, and the OID of UID is 0.9.2342.19200300.100.1.1. How are we supposed to find out the OID? OpenSSL provides a command option for just that.

$ openssl x509 -in user-cert.pem -text -noout -nameopt RFC2253,oid

This command prints the certificate with each subpart shown as OID=xxx (the numeric OID) instead of CN=xxx.
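To see where those numbers come from, the following added example (not part of the original post) decodes the OIDs straight out of a DER-encoded subject and prints them as OID=value pairs. The byte string is a hand-constructed encoding of the subject UID=test,CN=A user, the function names are made up for this example, and attribute values are assumed to be text strings.

```python
SUBJECT_DER = bytes.fromhex(  # constructed sample, built by hand for this example
    "3027"                                               # Name: SEQUENCE
    "31143012060a0992268993f22c6401010c0474657374"       # SET{SEQ{UID, "test"}}
    "310f300d06035504030c06412075736572"                 # SET{SEQ{CN, "A user"}}
)

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long form: low 7 bits = octet count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Turn the content octets of an OBJECT IDENTIFIER into dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("truncated OID")
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)   # base 128, 7 bits per octet
        if not byte & 0x80:                    # high bit clear: arc is complete
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)              # first value packs two arcs
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def subject_attributes(name_der):
    """Walk Name -> RDN (SET) -> AttributeTypeAndValue; list (oid, value)."""
    tag, rdns, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("subject is not a SEQUENCE")
    out, pos = [], 0
    while pos < len(rdns):
        _, rdn, pos = read_tlv(rdns, pos)
        inner = 0
        while inner < len(rdn):
            _, atv, inner = read_tlv(rdn, inner)
            _, oid, after_oid = read_tlv(atv, 0)
            _, val, _ = read_tlv(atv, after_oid)
            out.append((decode_oid(oid), val.decode("utf-8")))  # assumes text
    return out

def render_oid_subject(name_der):  # RFC 2253 order: last RDN first
    return ",".join(f"{o}={v}" for o, v in reversed(subject_attributes(name_der)))
```

Calling render_oid_subject(SUBJECT_DER) returns the subject with 2.5.4.3 in place of CN and 0.9.2342.19200300.100.1.1 in place of UID.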
