Authenticode signing certificate subject DN missing attributes
ID PE186 Level INFO Category Format
Description
Authenticode signing certificate subject distinguished name is missing some of the most common attributes. The most common attributes include:
- Organization (
O) - Locality (
L) - State or province (
P) - Country (
C)
The attributes argument of the rule output will contain a comma-separated list of the attribute abbreviations.
Mitigation
- When generating the CSR (certificate signing request) using
openssl req, do not omit the answers to theopensslprompts. Specify the values for the attributes listed above. - Alternatively, specify the distinguished name details in the configuration file. See the
openssl reqdocumentation page for more details.
Arguments
This rule has the following output arguments:
-
signature_info- Readable affected signature name (e.g. "root signature", "timestamp root signature", "nested signature (index 1)") -
attributes- Comma-separated list of the attribute abbreviations
Loading...
Unable to load this documentation page.