Monday, August 07, 2006

How to extract your DN (Distinguished Name) from your certificate

The recepie below may not be the simplest but this is what I had discovered while learning this subject

From the browser which holds your certificate make a bakup that will save it in p12 format.
If you are working under Windows, this is the right moment to FTP it to
Linux where life are easier, then proceed from you Linux computer by converting the *.p12 certificate to *.pem format:

openssl pkcs12 -info -in guy_cert_iucc_expired.p12 -out ~/.globus/usercert.pem

(don't forget BTW to chmod 644 this file)

then, extract the DN by:

/usr/local/globus-4.0.2/bin/grid-cert-info -subject

in my case the result will be:

/C=IL/O=IUCC/CN=IUCC/emailAddress=ca@mail.iucc.ac.il

which is my DN

actually you can simply grep the string subject from usercert.pem

Good luck