On 8.7.2016 05:42, Fraser Tweedale wrote: > > 2. If argument contains CN but it is not the "most specific" > RDN, move it to the front (to satisfy requirement of Dogtag > profile). I wonder if we can relax the requirement in Dogtag so no reordering is needed. After all, DN is just a name, isn't it? Why Dogtag requires particular field in DN?