Views:
MISO recognizes client-side digital certificates issued by the following trusted Certificate Authorities:
  • IdenTrust – www.identrust.com
    • You may purchase a “TrustID Business Certificate” from IdenTrust
    • (http://identrust.com/certificates/trustid.html)
  • Entrust – www.entrust.com
    • You may purchase a “Entrust Secure Email Cert (Enterprise)” from Entrust
    • (http://www.entrust.net/secure-email/enterprise.htm)
  • OATI – http://www.oaticerts.com/
    • For new customers please call 763-201-2020 to start the process, for existing customers email support@oati.net
    • OATI customer service will direct on what type of certificate to purchase

It is important to note the following in regards to DN information:

  • Information should be entered in all lowercase; this conversion will usually happen automatically during the submission by an LSA, but certain characters in a DN string will require the string to be manually converted to all lowercase before submission (in particular, a comma embedded within a field value typically prevents the automatic conversion from happening)
  • All fieldName=value pairs entered must be in the same order left-to-right as originally displayed on the certificate in either left-to-right or top-to-bottom order; note, if utilizing OASIS to expose a DN string, the content is displayed in reverse field order compared to how it should be entered for a Market Portal account
  • The state field name must be entered as “st” in the DN information field, rather than just "s" as shown within Internet Explorer
  • The email address field name must be entered as “emailaddress” in the DN information field, rather than just "e" as shown within Internet Explorer
  • Each fieldName=value pair must be separated by a comma from the subsequent field Name/value pair (no leading/trailing comma at front or end of entire string)

The information maintained in the Distinguished Name field is different between certificates from each Certificate Authority. The position of the fields may also differ.

I. IdenTrust
The following information depicts the DN information that is displayed when the Subject field of
the digital certificate is displayed.
0.9.2342.19200300.100.1.1 = D01E4742000000FCA7E82BDA000050CF
e=user@orgunit.com
cn=user name
ou=markets
ou=miso
o=trustid business certificate
c=us
The following string represents the DN information, as shown above, when entered by the LSA in the Market Portal during the Create User Account process or the modify User Account process.

  • uid=d01e4742000000fca7e82bda000050cf,emailaddress= user@orgunit.com,cn=user name,ou=markets,ou=miso,o=trustid business certificate,c=us

II. OATI and Entrust
The following information depicts the DN information that is displayed when the Subject field of the digital certificate is displayed.
cn=user name
ou=markets
o=midwest iso
l=carmel
st=in
c=us
emailaddress=user@orgunit.com


The following string represents the DN information, as shown above, when entered by the LSA in the Market Portal during the Create User Account process or the modify User Account process.

  • cn=user name,ou=markets,o=midwest iso,l=carmel,st=in,c=us,emailaddress=user@orgunit.com

For more information, reference the MISO SSLSA User Guide located here Microsoft Word - Self-Service LSA User Guide.docx (misoenergy.org)

Keywords: SSLSA, Certificate, DN String, DN, Market Portal, LSA, Client