Yes, understood, but in this case someone will send a certificate request via e-mail, I will not be involved in making it. I will fill/sign that request and send it back. The request will come with the standard information tucked away in the DN.
I need to add information to the DN, something I have been unable to do with out generating the request myself. According to the man info there are extensions and x509_extensions I've tried both and I'm a bit more confused now. I tried using the -extfile option but I can not insert my own values into the DN. When I run openssl x509 -extfile I get "no" errors, the certificate is created. But upon viewing it the addition to the DN are not there. I think that really I'm asking the wrong question. What I want to do is add information to a certificate when its generated. The nature of which is internal only. Is there a way to do this with out patching openssl's code? If yes, what would be your suggestion? --- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: > On Wed, Nov 10, 2004, ray v wrote: > > > I wish to add something like > > > > 1.3.6.1.4.1.9999.1 to the Distinguished name > > something like... > > > > CN=Me,O=FOO,OU=Bar,1.3.6.1.4.1.9999.1=stuff > > > > What's the best way to do this when you need to > > specify the -extfile option? Or is it really > necessary > > to use the -extfile ? > > > > Extfile is for certificate extensions. If you want > to add DN components you > need to add those to the appropriate section where > they will be prompted for > when a certificate request is made. > > This is in the section req_distinguished_name in the > standard openssl > configuration file. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: > see homepage > OpenSSL project core developer and freelance > consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? Check out the new Yahoo! Front Page. www.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
