'subject': ((('serialNumber', u'2497886'),), (('1.3.6.1.4.1.311.60.2.1.3', u'US'),), (('1.3.6.1.4.1.311.60.2.1.2', u'Delaware'),), (('countryName', u'US'),), (('postalCode', u'94043'),), (('stateOrProvinceName', u'California'),), (('localityName', u'Mountain View'),), (('streetAddress', u'487 East Middlefield Road'),), (('organizationName', u'VeriSign, Inc.'),), (('organizationalUnitName', u'Production Security Services'),), (('organizationalUnitName', u'Terms of use at www.verisign.com/rpa (c)06'),), (('commonName', u'www.verisign.com'),)), 'version': 2}
Ugly, but accurate. Or is it? Do you really think that "serialNumber" is at the top of a naming tree somewhere?
Firefox claims the same order. To bad Verisign hasn't grasped the concept of distinguished names :-( Had they done it right, incorporationStateId, incorporationLocalityId, streetAddress, localityName, postalCode would all have been in the RDN with organizationName - they are all attributes of that organization (or the address attributes perhaps belong to the OU). Also, I doubt they have an organizationalUnit "Terms of use at ...". Regards, Martin