I think every issue relating to DNs, RDNs, AVAs, and DER coding have
been resolved collectively by various people except for one nagging
detail.
From what mtr says, and I have no reason to doubt him as it
matches my original understanding, all the types in the AVAs of
a single RDN must be unique.
This means the subject DN in the certificate below is bad but no
one from RSA has confirmed it.
(It also means taht I have to update my self-signed generation code
to handle the more general multiple AVA per RDN cases... :-< )
-Ray
subject DN = {C=US},{O=RSA Data Security, Inc.},
{OU=Beta,OU=Commercial Certification Authority}
CertificateInfo:
MIIB1TCCAV8CBEYAAAMwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAe
BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVMb3cgQXNz
dXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTkyMDkxMDAwMjQyNVoX
DTk0MDkxMDAwMjQyNFowaTELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRh
IFNlY3VyaXR5LCBJbmMuMTgwCwYDVQQLEwRCZXRhMCkGA1UECxMiQ29tbWVyY2lh
bCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
QQDDWqnejrisFPBplUEpBzWwDQMVjuKCfuLPm4mspADnzM6ox/vou/mzKmMW/gmy
KoBCcrEHSxRj8zPLkgtBiVjbAgMBAAEwDQYJKoZIhvcNAQECBQADYQCN1EqsE7o/
7SfRVPWdDmdCa3NvnJs85ckn48JWwshX+0O3w8oA1om9CTfgzdUjOQpRpZaB5asK
4DfqWoen/OxfMGcnXWuqNd/63wXu3eZG41Hwg6wzuV57KkXyarQKwjF=