
TLS certificate subject (CN, OU and O)


I'm a newbie with Hashicorp Vault and PKI so bear with me :) I've recently set up an intermediate CA and went through the motions of creating roles etc. I then proceeded and generated a certificate using one of the roles, like so:

vault write -field=certificate test/pki/issue/server common_name="Bla bla" OU="Test OU" organization="Test Org" format="pem_bundle" > testhost.pem

However, when I checked the subject of the cert, like so:

vault read -field=certificate test/pki/cert/53-5c-e6-7e-2d-56-4e-72-f7-db-a2-5c-6a-89-33-f9-43-52-58-92 | openssl x509 -noout -subject

It's giving me this:

subject= /O=Test Org/OU=Test OU/CN=Bla bla

Is there any way I could change it to:

subject= CN=Bla bla,OU=Test OU,O=Test Org

If this isn't possible, I understand, just would like to check. Thanks!


Solution

  • The order in the subject= line is determined by openssl, which follows RFC 1779's definition of string representations of Distinguished Names for the X.500 standard. "Subject" is a type of Distinguished Name for identifying the certificate. Attributes for the Subject are listed from most general (e.g., Country) to most specific (e.g., Common Name).

    (RFC 1779 updates RFC 1485, and is updated by RFC 2253 and RFC 4514, and likely others.)
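To make the point concrete, here is an added example (not from the question or the answer) that parses the legacy openssl subject line from the question and re-renders the same RDN sequence in the RFC 2253/4514 order the question asks for, applying the escaping RFC 4514 section 2.4 requires. It assumes only the Python standard library; the subject values are the constructed ones from the question.

```python
# Both strings on this page render the same ordered list of RDNs that the
# certificate stores (O, OU, CN): openssl's legacy form walks it from the
# first RDN with '/' separators, RFC 2253/4514 walk it from the last RDN
# (most specific first) with ',' separators.  Added example, constructed input.

_RFC4514_SPECIAL = set(',+"\\<>;')   # RFC 4514 section 2.4 escape set


def parse_legacy_subject(text):
    """'/O=Test Org/OU=Test OU/CN=Bla bla' -> [('O', 'Test Org'), ...] in certificate
    order.  Tolerates the 'subject=' label; a backslash makes the next char literal."""
    text = text.strip()
    if text.startswith("subject="):
        text = text[len("subject="):].strip()
    if not text.startswith("/"):
        raise ValueError("legacy subject must start with '/'")
    segments, current, i = [], [], 1
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):   # escaped char, keep literally
            current.append(text[i + 1])
            i += 2
            continue
        if text[i] == "/":                          # unescaped RDN separator
            segments.append("".join(current))
            current = []
        else:
            current.append(text[i])
        i += 1
    segments.append("".join(current))
    rdns = []
    for seg in segments:
        attr, value = seg.split("=", 1)             # ValueError if no '='
        rdns.append((attr.strip(), value))
    return rdns


def _escape_rfc4514(value):
    """Backslash-escape what RFC 4514 forbids unescaped in a value."""
    out = []
    for idx, ch in enumerate(value):
        if ch in _RFC4514_SPECIAL or (idx == 0 and ch in " #") or (idx == len(value) - 1 and ch == " "):
            out.append("\\")
        out.append(ch)
    return "".join(out)


def format_rfc4514(rdns):
    """Last RDN first, comma separated: the form asked for in the question."""
    return ",".join("%s=%s" % (a, _escape_rfc4514(v)) for a, v in reversed(rdns))
```

openssl prints this form itself with `openssl x509 -noout -subject -nameopt RFC2253`; the certificate is unchanged either way, since only the string rendering differs.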