Config question

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Config question

Richard Simard

Good Morning all.

 

Wen I creating my root certificates I would like to add the version of the certification authority. I searched but I couldn't find anything. Is there anyone among you who could tell me how to add this information in the configuration of OpenSSL

Tank-You

https://www.groupesti.com/img/logo-28x28.pngGroupe Solutions TI

Richard Simard

B. Sc. I, ING. I, M.S.I. ASER

Président

Agent Provincial FQCQ

Matricule : 83787

Radioamateur : VA2SI Formateur et Examinateur

Groupe Solutions TI

3-4109, Saint-Alexandre

Saguenay, Québec

G8A 2H1, Canada

Cellulaire : +1 (418) 812-8760

Courriel : [hidden email]

 

 

 

Messages de confidentialité : Ce courriel (de même que les fichiers joints) est strictement réservé à l'usage de la personne ou de l'entité à qui il est adressé et peut contenir de l'information privilégiée et confidentielle. Toute divulgation, distribution ou copie de ce courriel est strictement prohibée. Si vous avez reçu ce courriel par erreur, veuillez nous en aviser sur-le-champ, détruire toutes les copies et le supprimer de votre système informatique.

 

Confidentiality Message : This communication (including any files transmitted with it) is intended solely for the person or entity to whom it is addressed, and may contain confidential or privileged information. The disclosure, distribution or copying of this message is strictly forbidden. Should you have received this communication in error, kindly contact the sender promptly, destroy any copies and delete this message from your computer system.

 

 

  

 

 

Reply | Threaded
Open this post in threaded view
|

RE: Config question

Michael Wojcik
From: openssl-users [mailto:[hidden email]] On Behalf Of Richard Simard
Sent: Tuesday, March 03, 2020 07:57

> Wen I creating my root certificates I would like to add the version of the
> certification authority. I searched but I couldn't find anything. Is there
> anyone among you who could tell me how to add this information in the
> configuration of OpenSSL

What does this "version" look like?

Can you simply make it one of the components of the Subject and Issuer DNs (which must be the same, since this is a root certificate)? Assuming you want to conform to PKIX, RFC 5280 allows the serialNumber attribute (which is not the same as the certificate serial number) in a DN; you could use that.

There's also the old "Netscape Comment" extension. There might be other suitable extensions.

--
Michael Wojcik
Distinguished Engineer, Micro Focus