I'm using a certificate with subject

```
CN = operator-1505
O = Test org
L = Moscow
S = Moscow
C = RU
```

But when I'm trying to get this certificate in my servlet:

```java
@Override
protected void service(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
    // Client certificate chain exposed by the servlet container
    X509Certificate[] certificates =
            (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
    if (certificates != null && certificates.length == 1) {
        X509Certificate certificate = certificates[0];
        authenticate(certificate, req, resp);
    }
}
```

Subject in certificate variable is:

```
CN=operator-1505, O=Test org, L=Moscow, ST=Moscow, C=RU
```

Why did Jetty transform the S parameter to ST?

Solution

The S (or ST) isn't really in the certificate. What it contains is the Object Identifier (OID) 2.5.4.8.

OpenSSL used to have a snarky comment saying that an authoritative answer for the short form of this OID is "ST", but that Microsoft used "S".

It's probably the case that two different RFCs referenced the same OID with different short forms, and each library just ends up with its own answer for what to use for that particular value.

If you can print the name using OID values, that should be stable across environments; otherwise you may just have to come up with a way to match on S= or ST=.

Edit: I'm amused to note that ITU-T X.520 (2012/10) says that "ST" is the correct answer, while using S= as an example:

> 6.3.3 State or Province Name
>
> The State or Province Name attribute type specifies a state or province. When used as a component of a directory name, it identifies a geographical subdivision in which the named object is physically located or with which it is associated in some other important way.
>
> An attribute value for State or Province Name is a string, e.g., S = "Ohio"
>
> ```
> stateOrProvinceName ATTRIBUTE ::= {
>   SUBTYPE OF    name
>   WITH SYNTAX   UnboundedDirectoryString
>   LDAP-SYNTAX   directoryString.&id
>   LDAP-NAME     {"st"}
>   ID            id-at-stateOrProvinceName }
> ```

(emphasis mine, and sadly I can't have the "LDAP-NAME {"st"}" both emphasized and whitespace-preserving)

07-27 13:40
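The matching approach the answer suggests, as an added example that is not part of the original question or answer: DN strings are compared after the S and ST labels are replaced by the OID 2.5.4.8, and `X500Principal.getName` with an OID map shows that the label is only a rendering choice. The class name `SubjectDnMatch`, the `normalize` helper, the `LABEL_TO_OID` table and the sample strings are hypothetical and constructed from the subject in the question; `Map.of` assumes Java 9 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class SubjectDnMatch {
    // Labels that different tools print for the same attribute (hypothetical table,
    // limited to the two labels discussed on this page).
    private static final Map<String, String> LABEL_TO_OID =
            Map.of("S", "2.5.4.8", "ST", "2.5.4.8");

    /** Parses a DN string and returns its RDNs with known label aliases replaced by the OID. */
    static List<String> normalize(String dn) throws InvalidNameException {
        List<String> out = new ArrayList<>();
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            // Fail closed: Rdn.getType()/getValue() expose only one pair of a multi-valued RDN.
            if (rdn.size() != 1) {
                throw new InvalidNameException("multi-valued RDN not supported: " + rdn);
            }
            String type = rdn.getType().toUpperCase(Locale.ROOT);
            if (type.startsWith("OID.")) {
                type = type.substring(4);
            }
            out.add(LABEL_TO_OID.getOrDefault(type, type) + "=" + Rdn.escapeValue(rdn.getValue()));
        }
        return out;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample: the subject from the question, written with the raw OID.
        X500Principal subject = new X500Principal(
                "CN=operator-1505, O=Test org, L=Moscow, 2.5.4.8=Moscow, C=RU");
        // Default rendering picks the library's own label for 2.5.4.8.
        System.out.println(subject.getName(X500Principal.RFC1779));
        // The same name rendered with the label overridden through the OID map.
        System.out.println(subject.getName(X500Principal.RFC2253, Map.of("2.5.4.8", "S")));

        String windowsStyle = "CN=operator-1505, O=Test org, L=Moscow, S=Moscow, C=RU";
        String javaStyle = "CN=operator-1505, O=Test org, L=Moscow, ST=Moscow, C=RU";
        // Raw string comparison treats the two renderings as different subjects.
        System.out.println("raw equal: " + windowsStyle.equals(javaStyle));
        // Comparison after label normalization treats them as the same subject.
        System.out.println("normalized equal: "
                + normalize(windowsStyle).equals(normalize(javaStyle)));
    }
}
```

In an `authenticate` method like the one in the question, the same normalization would be applied to both the configured subject and `certificate.getSubjectX500Principal().getName()` before comparing them.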