Certificate for Smart Card Logon

Nabil Ghadiali
Certificate for Smart Card Logon

Hello,

I am trying to generate a certificate to be used for Windows Smart Card Logon from my Internal Certificate Server. I know that I need the UPN in the otherName of the SubjectAltName extension. The OID for the UPN is 1.3.6.1.4.1.311.20.2.3.

My Certificate Server however will allow me only to provide this extension in the form of a base-64 encoded blob at the time of the certificate request. Can openssl be used to generate just this extension in this format?

Thanks,
Nabil

Re: Certificate for Smart Card Logon

Nils Larsch
Nabil Ghadiali wrote:

> Hello,
>
> I am trying to generate a certificate to be used for Windows Smart Card
> Logon from my Internal Certificate Server. I know that I need the UPN in
> the otherName of the SubjectAltName extension. The OID for the UPN is
> 1.3.6.1.4.1.311.20.2.3.
>
> My Certificate Server however will allow me only to provide this
> extension in the form of a base-64 encoded blob at the time of the
> certificate request. Can openssl be used to generate just this extension
> in this format?

should be possible using the "openssl asn1parse -genstr ..." option
(see manpage). Note: you need openssl >= 0.9.8 for this.

Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

RE: Certificate for Smart Card Logon

Nabil Ghadiali

Hello,

I have tried to use the genstr option, but haven't been successful :(.

Could you please tell me the format of the command?

openssl asn1parse -genstr
"subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:[hidden email]"

Thanks in advance.

nabil


-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Nils Larsch
Sent: Friday, July 08, 2005 2:16 PM
To: [hidden email]
Subject: Re: Certificate for Smart Card Logon


Nabil Ghadiali wrote:

> Hello,
>
> I am trying to generate a certificate to be used for Windows Smart Card
> Logon from my Internal Certificate Server. I know that I need the UPN in
> the otherName of the SubjectAltName extension. The OID for the UPN is
> 1.3.6.1.4.1.311.20.2.3.
>
> My Certificate Server however will allow me only to provide this
> extension in the form of a base-64 encoded blob at the time of the
> certificate request. Can openssl be used to generate just this extension
> in this format?

should be possible using the "openssl asn1parse -genstr ..." option (see
manpage). Note: you need openssl >= 0.9.8 for this.

Nils
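
Added example, not part of the original thread or of the OpenSSL project: one way to produce the base64 blob asked for above. The string tried in the last message is in the x509v3 extension configuration form, while "openssl asn1parse" generation takes the ASN1_generate_nconf format, where a SEQUENCE has to be described in a config file passed with -genconf. The helper name upn_san_b64 and the UPN user@example.com are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the DER of a subjectAltName value that holds a single
# otherName/UPN entry and print it as one line of base64.
# Layout (RFC 5280):
#   GeneralNames ::= SEQUENCE OF GeneralName
#   otherName    ::= [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT ANY }
# upn_san_b64 is a hypothetical helper name, not an OpenSSL command.
upn_san_b64() {
    upn=$1
    # The UPN is written into an OpenSSL config file, so accept only a plain
    # user@domain string and reject characters the config parser would interpret.
    case $upn in
        ''|*[!A-Za-z0-9._@-]*) echo "unsupported UPN: $upn" >&2; return 1 ;;
        ?*@?*) ;;
        *) echo "UPN must look like user@domain" >&2; return 1 ;;
    esac
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/upn.cnf" <<EOF
asn1 = SEQUENCE:general_names

[general_names]
upn = IMPLICIT:0,SEQUENCE:other_name

[other_name]
type_id = OID:1.3.6.1.4.1.311.20.2.3
value = EXPLICIT:0,UTF8:$upn
EOF
    # -genconf reads the "asn1" entry from the default section; -noout -out
    # writes only the generated DER.
    openssl asn1parse -genconf "$tmp/upn.cnf" -noout -out "$tmp/upn.der" >/dev/null &&
        openssl base64 -A -in "$tmp/upn.der"
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo
    return "$rc"
}

# Usage (constructed sample value): upn_san_b64 user@example.com
```

Piping the output through "openssl base64 -d -A | openssl asn1parse -inform DER -i" shows the resulting structure, which is a quick check before handing the blob to the certificate server.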