Hi

I have the same problem here.
I however have difficulty getting the -certopt option to work.

I try to run "openssl x509 -text -certopt ext_parse -in newcert.pem -out
newcert.crt" but get an error that says -certopt is not an option.
Please advise on how to run the -certopt option.

Thanks


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Dr. Stephen Henson
Sent: Saturday, May 11, 2002 7:59 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: x509v3 extension parsing


On Thu, May 09, 2002, Thorsten Glaser wrote:

> Hello all,
>
> I tried to convert the following certificate (see below)
> to readable text using
>  openssl x509 -text -in [below] -noout | less
>
> However, the x509v3 certificate extensions look like
> --- cutting here may damage your screen surface
> [...]
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             2.5.29.1:
>                 0....[.p.ir.#Q~..M....r0p1+0)..U..."Copyright (c) 1997 Microsoft Corp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority......<<...>.c..@
>     Signature Algorithm: md5WithRSAEncryption
> --- cutting here may damage your screen surface
>
> which is, of course, not what I want.
> (To be honest, I want to look what extensions Microsoft (and others)
>  have in their certificates, and then integrate them into mine, too.)
>
>
[cert deleted]
> This goes wrong on both OpenBSD 3.1-current and the
> latest OpenSSL snapshot (0.9.8d or something-beta).
>

That's the 'traditional' output format for unknown extensions. You can change
this behaviour using the -certopt command line switch. For example, -certopt
ext_parse will run unknown extensions through the ASN1 parser.

> Additionally I wanted to ask whether support for
> integrating "othername:" and IPv6 into the file
> crypto/x509v3/v3_alr.c is planned because I want
> to use them also.
>

IPv6 is planned.

Othername is problematical: the actual format of the extension is
that it could contain an OID followed by anything at all. It would be
possible to support simple strings or standard forms though.

Steve.
--
Dr. Stephen Henson      [EMAIL PROTECTED]
OpenSSL Project         http://www.openssl.org/~steve/
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
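
The difference between the 'traditional' dump of an unknown extension and running it through an ASN.1 parser, as an added example that is not part of the original messages and is not OpenSSL code. The extension bytes, the tlv() helper and all other names are constructed for illustration; this is not the Microsoft certificate from the thread.

```python
NAMES = {0x04: "OCTET STRING", 0x06: "OBJECT", 0x0C: "UTF8STRING",
         0x13: "PRINTABLESTRING", 0x30: "SEQUENCE", 0x31: "SET"}

def tlv(tag, body):
    """Encode one DER element (short-form length, body under 128 bytes)."""
    return bytes([tag, len(body)]) + body

def traditional(der):
    """Raw dump of the extension value: non-printable bytes become '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in der)

def decode_oid(body):
    """Decode DER OID content octets into dotted notation."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse(der, depth=0):
    """Walk DER elements recursively; return one indented line per element."""
    lines, i = [], 0
    while i < len(der):
        if len(der) - i < 2:
            raise ValueError("truncated header")
        tag, length, i = der[i], der[i + 1], i + 2
        if length & 0x80:         # long form: low 7 bits count length octets
            n = length & 0x7F
            length, i = int.from_bytes(der[i:i + n], "big"), i + n
        body = der[i:i + length]
        if len(body) != length:
            raise ValueError("truncated element")
        label = "  " * depth + NAMES.get(tag, f"tag 0x{tag:02x}")
        if tag & 0x20:            # constructed: children are nested DER
            lines += [label] + parse(body, depth + 1)
        elif tag == 0x06:
            lines.append(f"{label}: {decode_oid(body)}")
        elif tag in (0x0C, 0x13):
            lines.append(f"{label}: {body.decode()}")
        else:
            lines.append(f"{label}: {body.hex()}")
        i += length
    return lines

# Constructed sample: SEQUENCE { OCTET STRING, SEQUENCE { SET { SEQUENCE { OID, string } } } }
ATTR = tlv(0x30, tlv(0x06, bytes.fromhex("55040b")) + tlv(0x13, b"Example Unit"))
SAMPLE = tlv(0x30, tlv(0x04, bytes.fromhex("5bd07069")) + tlv(0x30, tlv(0x31, ATTR)))
```

Printing traditional(SAMPLE) next to "\n".join(parse(SAMPLE)) shows the same bytes first as a dotted run with stray text and then as a nested structure.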
