RADIUS/TLS certificate requesting facility - Country code for UK NRO is set erroneously to 'UK', not 'GB' as per certificate requirements

[spaetow]

Issue type

• Defect - Non-compliance with a standards document or incorrect OS API usage.

Defect/Feature description

How to reproduce issue

Request a new certificate as a UK NRO. The CSR contains 'C=GB'. The certificate is minted with 'C=UK'.

Detail of issue

See above. Whilst this is not deadly, it breaks the established standard that the ISO-3166 country code must be used (which is 'GB' for the UK, not 'UK'). I know, we (I) should have picked this up during beta (and I didn't notice, probably because we're all to used to seeing .UK or just UK in all kinds of places). It's our fault entirely for not noticing before!

CSR contains:

subject=DC = net, DC = geant, DC = eduroam, C = GB, O = "[org redacted]", CN = [host redacted]

NRO Interface contains:

DC=eduroam,DC=geant,DC=net,C=UK,O=[org redacted],CN=[host redacted]

I should mention that this is British exceptionalism at work (ISO-3166 = GB, ccTLD = .uk), as per https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes . Sorry that we're ruining what is otherwise a great thing.