Difference between openssl subject and pki subject. Why?

[ranierimazili]

Hello,

when extracting the subject using the openssl command, the result is: C=BR, ST=RJ, L=RIO DE JANEIRORJ, O=BCO BM, OU=8342c33e-d95a-5fe7-8f27-dd7a95c68b77, CN=myurl.com, serialNumber=55246410000155, businessCategory = Business Entity, jurisdictionC = BR, UID = 18628a0f-46bd-4eba-a112-de2477237948

Command: openssl x509 -noout -subject -in cert.pem

When extracting the subject using pki command, the result is:

C=BR, ST=RJ, L=RIO DE JANEIRORJ, O=BCO BM, OU=8342c33e-d95a-5fe7-8f27-dd7a95c68b77, CN=myurl.com, =55246410000155, 
=Business Entity, =BR, =18628a0f-46bd-4eba-a112-de2477237948

Code

const pki = require('node-forge').pki;
const cert = pki.certificateFromPem(certPem);
console.log(cert.subject);
const subject = cert.subject.attributes
.map(attr => [attr.shortName, attr.value].join('='))
    .join(', ');

Note it keep the values, but cannot nominate the attributes serialNumber, businessCategory, jurisdictionC and UID.

Is there a way to have the same result as openssl command?

[davidlehn]

Can you provide an example cert? Ideally one that could go in the test suite. It may just be openssl knows about more OIDs and shortnames and can at least display them properly. I think forge will likely decode everything, but maybe not be able to display some properties. Might be easy enough to add more entries to lib/oids.js or shortnames in lib/x509.js as needed.