Add dumb hook to set the organization in the client cert

factory/cert_utils.go

@@ -10,6 +10,7 @@ import (
 	"math"
 	"math/big"
 	"net"
+	"strings"
 	"time"
 )
 
@@ -57,6 +58,12 @@ func NewSignedClientCert(signer crypto.Signer, caCert *x509.Certificate, caKey c
 		},
 	}
 
+	parts := strings.Split(cn, ",o=")
+	if len(parts) > 1 {
+		parent.Subject.CommonName = parts[0]
+		parent.Subject.Organization = parts[1:]
+	}
+
 	cert, err := x509.CreateCertificate(rand.Reader, &parent, caCert, signer.Public(), caKey)
 	if err != nil {
 		return nil, err