In message <[EMAIL PROTECTED]> on Thu, 11 Apr 2002 15:26:49 +0500, Brian 
Skrab <[EMAIL PROTECTED]> said:

brian.skrab> Thank you for your quick reply.  The addition of the
brian.skrab> attributes to the certificate does not need to take
brian.skrab> place in the signing request.

Do you mean that the attributes do not necessarily need to be part of
the CSR?  I agree, I just thought that was what you were after.

brian.skrab> Is there a way (using OpenSSL 0.9.6c) for the CA to add
brian.skrab> extensions to the certificate at the time that it is
brian.skrab> signed?

Absolutely.  If you look in the default openssl.cnf, you'll see that
the CA_default section has a key called "x509_extensions" which names
the section where the extensions are stored.  If you go to that
section "usr_cert", you'll see the extensions that are added to the
new certificates.  That default section is of course ignored if you've
given a different section name with -extensions.

brian.skrab> I have added "custom" OIDs to the configuration file, and
brian.skrab> have created a section called [ extensions ] in which I
brian.skrab> list the new objects, but when I call:
brian.skrab>    openssl ca -keyfile cakey.pem -in csr.pem \
brian.skrab>    -extensions extensions -out crt.pem
brian.skrab> 
brian.skrab> I receive an error that reads:
brian.skrab> 
brian.skrab> Error Loading extension section extensions
brian.skrab> 903:error:2207C081:X509 V3 routines:DO_EXT_CONF:unknown 
brian.skrab> extension:v3_conf.c:125:
brian.skrab> 903:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in 
brian.skrab> extension:v3_conf.c:91:name=MyAttribute, value=MyValue

So, you either haven't added an OID named MyAttribute, or you have
misspelled something.  Care to show us your configuration file?

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
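
Added example (not part of the original thread and not the poster's configuration file): a constructed openssl.cnf fragment showing how the pieces named in the reply fit together, namely an OID section that declares MyAttribute, the default x509_extensions section, and a section selected with -extensions. The OID arc 1.2.3.4.5, the section contents and the encoded value are placeholders, and the fragment assumes the installed OpenSSL accepts the DER: arbitrary-extension value syntax.

```ini
# Constructed fragment; merge into a full openssl.cnf (the other CA_default
# keys such as dir, database and serial stay as in the stock file).

# Must sit in the unnamed default section at the top of the file.
# It names the section that declares additional object identifiers.
oid_section = new_oids

[ new_oids ]
# short name = dotted OID. 1.2.3.4.5 is a placeholder arc, not a registered one.
MyAttribute = 1.2.3.4.5

[ ca ]
default_ca = CA_default

[ CA_default ]
# Extensions added to every certificate this CA signs, unless another
# section is named on the command line with -extensions.
x509_extensions = usr_cert

[ usr_cert ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

# Used instead of usr_cert when the CA is run as in the thread:
#   openssl ca -keyfile cakey.pem -in csr.pem \
#      -extensions extensions -out crt.pem
[ extensions ]
basicConstraints = CA:FALSE
# OpenSSL has no built-in value parser for a locally defined OID, so the
# value is supplied as raw DER (assumption: DER: syntax is available).
# 0c = UTF8String tag, 07 = length, then the bytes of "MyValue".
MyAttribute = DER:0c:07:4d:79:56:61:6c:75:65
```

After signing, `openssl x509 -in crt.pem -noout -text` lists the extensions actually present in the issued certificate, which confirms which section the CA applied.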