Description
I was not aware of this myself, but apparently -x509 certificates can have multiple domain component fields set in the issuer.
If I am not mistaken the RCF mentions this, see: https://datatracker.ietf.org/doc/html/rfc5280#section-7.3:
Each domainComponent attribute represents a single label.
This has been reported as issue with other certificate management tools:
cert-manager/cert-manager#4424
I came across a client who is using a certificate that specifies multiple domain components in the issuer.
The client is already using this certificate with a firewall solution in production, I cannot easily tell them to replace the cert.
This forced me to create a fork and adapt the implementation of DistinguishedName because a HashMap won't allow storing multiple DC items.
Activity