syntax for openssl.cnf description & prompting for input

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

syntax for openssl.cnf description & prompting for input

Reinhard Haller
Hi,

I want to create certificates with 2 subject alternative names:
email
employee-number

The emailAddress is not part of the subject distiguished name.

Until now I've not found a documentation, how to insert the fields
in the subjectAltName and prompt the user for input (something
like the following snippet).

[ new_oids ]
employee_num=1.2.3.4

[ employee_cert ]
subjectAltName=email:<prompt for input>,otherName:employee_num;<prompt
for input>

Any ideas?

Thanks
Reinhard Haller

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: syntax for openssl.cnf description & prompting for input

Goetz Babin-Ebell
Reinhard Haller wrote:

> Hi,
>
> I want to create certificates with 2 subject alternative names:
> email
> employee-number
>
> The emailAddress is not part of the subject distiguished name.
>
> Until now I've not found a documentation, how to insert the fields
> in the subjectAltName and prompt the user for input (something
> like the following snippet).
Perhaps you could apply my patch from ticket 1050.
That allows to copy/move arbitrary subject DN fields to
subjectAltName extension.

With that you could generate an request that has the employee-number
in the DN,
and on certification it is moved to the subjectAltName extension.

Bye

Goetz

--
DMCA: The greed of the few outweighs the freedom of the many

smime.p7s (4K) Download Attachment