If I understand you correctly, subjectAltName would serve you fine.

There are enough fields there to add stuff. For example, you can just use
email:[EMAIL PROTECTED]

It will not be a real e-mail address, but it will have the information you
need.

You need to have this in openssl.cnf to do the CSR, but automating that is
not hard enough.

--Javed

> -----Original Message-----
> From: Brian Skrab [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, April 11, 2002 10:10 AM
> To: [EMAIL PROTECTED]
> Subject: Adding Application Attributes to X509 Certificates?
> 
> 
> Hello,
> 
> I have searched the mailing list archives and cannot seem to find a 
> specific answer to a very high-level question.
> 
> Is there a method for adding (and retrieving) application-specific 
> attributes to an SSL certificate using OpenSSL?
> 
> Specifically, I would like to add a collection of attributes to
> certificates that I will be issuing in order to tie a set of application
> permissions to each certificate.  I have managed to add attributes to
> CSRs by creating new OIDs in the openssl config file and filling them in
> during CSR creation.  Calling:
> 
>       openssl req -noout -text -in csr.pem
> 
> displays the "custom" attributes in the "Attributes:" section of the
> text display.  However I'm not certain that this is the appropriate way
> to achieve this function.
> 
> Additionally, I am unsure of how to retrieve these attributes after the
> requests have been signed and turned into certificates.  Displaying the
> certificate using:
> 
>       openssl x509 -noout -text -in crt.pem
> 
> does not display the attributes as they were shown in the CSR.
> 
> Any hints, pointers, or (dare I dream to be so lucky) sample code will
> be much appreciated.
> 
> Thank you,
> 
> ~brian skrab
>   [EMAIL PROTECTED]
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
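
The subjectAltName approach suggested in the reply, as an added example that is not part of the original thread: a CSR requests an `email:` entry carrying an application permission string, the signer places it in the certificate, and the value is read back with `openssl x509 -text`. The SAN value, subject name and file names are constructed for illustration, and the certificate is self-signed to keep the example short.

```shell
#!/bin/sh
# Added example (not from the thread). All names and values are constructed.
san_roundtrip() {
    dir=$(mktemp -d) || return 1
    old=$PWD
    cd "$dir" || return 1

    # openssl.cnf fragment: the "email:" entry is not a real mailbox, only a
    # carrier for the application's permission string.
    cat > req.cnf <<'EOF'
[req]
distinguished_name = dn
req_extensions     = app_ext
prompt             = no
[dn]
CN = app-client-01
[app_ext]
subjectAltName = email:perm-read-write@app.example.invalid
EOF

    # Requester side: key pair plus a CSR that asks for the SAN extension.
    openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
        -keyout key.pem -out csr.pem 2>/dev/null || return 1

    # Signer side: by default "openssl x509 -req" does not carry anything
    # requested in the CSR into the certificate, so the extension section is
    # named explicitly. The issuer, not the requester, thereby decides which
    # permission string ends up signed.
    openssl x509 -req -in csr.pem -signkey key.pem -days 1 \
        -extfile req.cnf -extensions app_ext -out crt.pem 2>/dev/null || return 1

    # Retrieval: the value appears under "X509v3 Subject Alternative Name".
    out=$(openssl x509 -noout -text -in crt.pem | grep -o 'email:[^,[:space:]]*')

    cd "$old" && rm -rf "$dir"
    printf '%s\n' "$out"
}

san_roundtrip
```

An application that maps this value to permissions should read it only after the certificate chain has been verified, since the string is trustworthy only to the extent the issuer's signature is.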