In the certificate displays, the subjectAltName (SAN) content is not
expanded, you show:
X509v3 Subject Alternative Name:
othername:<unsupported>
You can expand this with the 'right' openssl command.
First:
openssl asn1parse -i -in cert.pem
Find the offset for SAN content. Say it is 189. Then:
openssl asn1parse -i -strparse 189 -in cert.pem
This will provide you an expansion of the actual SAN content for
including in the draft.
Partly, I want to see what OID you are using in SAN. Per RFC4108,
referenced in IEEE 802.1AR:
id-on-hardwareModuleName OBJECT IDENTIFIER ::= {
iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) on(8) 4 }
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER,
hwSerialNum OCTET STRING }
I don't think I have my draft, quite right yet, but what I have seen of
your certs, I also don't think you have yours right either. Of course
what is right? Max, please chime in.
Bob
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
