Martin Plenk wrote: ....
subject Alternate Name with the Microsoft Universal
Principal Name
I generated certificates with a Microsoft CA and used
the ASN1-parser to get the Strings. I attached a
sample File. The problem is, that the length is
encoded. So you can change the text in the attached
file, but the length of the text has to be the same.
Until now I had no time to find out where and how the
length is encoded (Tips are welcome ;-)). So I
generated several Microsoft-Certificates with
different lengths for my domain. When you have changed
the text you can get the hex-String with
xxd -p 1.cer.der > 1.cer.hex
Put the HEX-string in your openssl.conf after the
colon subjectAltName= DER:
btw: with OpenSSL 0.9.8-dev you could set the UPN in the subjectAltName with:
subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:blablabla
Microsoft defined an Item for the usage of the certificate.
For a machine you need
1.3.6.1.4.1.311.20.2=DER:1e0e004d0061006300680069006e0065
for a SmartcardUser (logon and Mail)
1.3.6.1.4.1.311.20.2=DER:1e0e004d0061006300680069006e0065
for SmartcardLogon
1.3.6.1.4.1.311.20.2=DER:1e1c0053006d0061007200740063006100720064004c006f0067006f006e
again using 0.9.8-dev you could replace this with:
1.3.6.1.4.1.311.20.2=ASN1:BMP:SmartcardLogon
which is, in my opinion, more readable.
Nils
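
Added example, not part of the original messages: in the DER strings quoted above, the byte after the tag is the length of the content (short form below 128 bytes, long form above), which is why hand-edited text had to keep its length. The sketch builds the BMPString hex for 1.3.6.1.4.1.311.20.2 and the otherName UPN structure for subjectAltName=DER: (layout per RFC 5280); the function names and the UPN user@example.test are constructed for illustration.

```python
def der_len(n: int) -> bytes:
    """DER definite length: one byte below 128, else 0x80|count + big-endian."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, content: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + der_len(len(content)) + content

def oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def template_name(name: str) -> str:
    """Hex of a BMPString (tag 0x1e, UTF-16BE) for 1.3.6.1.4.1.311.20.2."""
    return tlv(0x1E, name.encode("utf-16-be")).hex()

def decode_bmp(hex_der: str) -> str:
    """Inverse of template_name for short-form lengths; checks the length byte."""
    raw = bytes.fromhex(hex_der)
    if raw[0] != 0x1E or raw[1] >= 0x80 or raw[1] != len(raw) - 2:
        raise ValueError("not a short-form BMPString or length mismatch")
    return raw[2:].decode("utf-16-be")

def upn_san(upn: str) -> str:
    """Hex of GeneralNames holding one otherName with a UTF8String UPN."""
    value = tlv(0xA0, tlv(0x0C, upn.encode("utf-8")))          # [0] EXPLICIT
    other = tlv(0xA0, oid("1.3.6.1.4.1.311.20.2.3") + value)   # otherName [0]
    return tlv(0x30, other).hex()                              # SEQUENCE OF

if __name__ == "__main__":
    # Constructed sample values; paste the output into openssl.conf.
    print("1.3.6.1.4.1.311.20.2=DER:" + template_name("SmartcardLogon"))
    print("subjectAltName=DER:" + upn_san("user@example.test"))
```
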