/identities enroll generates incomplete certificate Subject (missing C, ST, O, etc)

[cshuangtw]

Hi maintainers,

I'm using firefly-fabconnect v0.9.23 and encountered an issue when enrolling a new identity using the /identities API.

---

🧪 Context

I registered and enrolled a client identity "alextest3" using the following endpoint:

POST /identities

The resulting certificate was generated successfully, but when inspected with openssl, the Subject field was incomplete:

openssl x509 -noout -text -in alextest3@FactoryDevMSP-cert.pem

Resulting Subject (via Fabconnect):

OU = org1 + OU = client + OU = department1, CN = alextest3

By contrast, when I use the fabric-ca-client CLI to enroll a similar identity, the certificate includes the full Subject information:

Resulting Subject (via fabric-ca-client):

C = TW, ST = Taiwan, O = factory.22.dev, OU = client, CN = user1@factory.22.dev

---

📌 Problem

The certificate issued via Fabconnect appears to have missing Distinguished Name (DN) fields such as:

• C (Country)
• ST (State)
• O (Organization)
• OU (single Organizational Unit)

Only multiple OU fields appear to be injected from attributes.

---

💡 What I'm trying to achieve

I would like to generate a certificate through Fabconnect's /identities API that includes a full Subject DN, just like what fabric-ca-client allows when using --csr.names.

---

❓Questions

1. Is there any supported way to customize the CSR or Subject fields via Fabconnect?
2. Does Fabconnect support forwarding custom CSR data (like csr.names) to the Fabric CA server?
3. If not currently supported, is there a recommended workaround or roadmap item for this?

---

🔗 References

• firefly-fabconnect v0.9.23
• Fabric CA Enroll CSR Options

---

Thanks for your help and great work on the project!

Best regards,
@cshuangtw