> > You're right, the ordering you see is quite unusual. It is not *that* unusual. It happens when you try to setup a CA with openssl while reading the x509 -text output in an LDAP sense.
X501: Each initial sub-sequence if the name of an object is also the name of an object. The sequence of objects so defined, staring withe the roort and ending with the object being named, is such that eah is the immediate superior of that which follows it in the sequence. I doubt that someone would get any cross certificate for a CA with an ordering like this ... unless your common name is GWB implying that all countries are governed by you. :-) Or, one should look at the policy definition of this CA. I really doubt that they voluntarily have chosen this inverse naming order. Probably the policy just states: 'here is our current root certificate printed by OpenSSL.' Peter ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
