/identities enroll generates incomplete certificate Subject (missing C, ST, O, etc) #132
Description
Hi maintainers,
I'm using firefly-fabconnect v0.9.23 and encountered an issue when enrolling a new identity using the /identities API.
🧪 Context
I registered and enrolled a client identity "alextest3" using the following endpoint:
POST /identities
The resulting certificate was generated successfully, but when inspected with openssl, the Subject field was incomplete:
openssl x509 -noout -text -in alextest3@FactoryDevMSP-cert.pemResulting Subject (via Fabconnect):
OU = org1 + OU = client + OU = department1, CN = alextest3
By contrast, when I use the fabric-ca-client CLI to enroll a similar identity, the certificate includes the full Subject information:
Resulting Subject (via fabric-ca-client):
C = TW, ST = Taiwan, O = factory.22.dev, OU = client, CN = user1@factory.22.dev
📌 Problem
The certificate issued via Fabconnect appears to have missing Distinguished Name (DN) fields such as:
C(Country)ST(State)O(Organization)OU(single Organizational Unit)
Only multiple OU fields appear to be injected from attributes.
💡 What I'm trying to achieve
I would like to generate a certificate through Fabconnect's /identities API that includes a full Subject DN, just like what fabric-ca-client allows when using --csr.names.
❓Questions
- Is there any supported way to customize the CSR or Subject fields via Fabconnect?
- Does Fabconnect support forwarding custom CSR data (like
csr.names) to the Fabric CA server? - If not currently supported, is there a recommended workaround or roadmap item for this?
🔗 References
Thanks for your help and great work on the project!
Best regards,
@cshuangtw