On Fri, Nov 12, 2004, ray v wrote:

> Ok I can get x509 to accept the extension now,
> something like this
>
> extensions = extend
>
> [extend]
> #basicConstraints = critical,CA:true
> 1.3.6.1.4.1.9999.1002 = DER:06:09:2B:06:01:04:01:D6:1F:87:6A
>
> openssl x509 -in test.crt -text -noout
>
> X509v3 extensions:
> 1.3.6.1.4.1.9999.1002:
> ..+.......j
>
> This would be acceptable if I could figure out how to
> make 1.3.6.1.4.1.9999.1002 = va1=48837774. Given what
> I've heard and seen so far I don't think what I want
> to do will work.
>
> I'm going back over the documentation again to see
> what I'm missing. Maybe someone can explain why
> I should expect this to work without patching
> openssl?
>
> BTW I found this tool which might be useful to the
> openssl user community....

For the first bit you need 1.3.6.1.4.1.9999.1002 to be recognized as 'val1'. If you add the OID in openssl.cnf and openssl reads from that file it will work.

The second bit you can't directly do because the extension type isn't recognized. If you include the option -certopt ext_parse that will look a bit better.

However if you just want some text to appear in a certificate there are easier ways to do it. For example there's an old extension called "netscape comment" which you can just place some text into. So if you did:

    nsComment=val1=something, val2=somethingelse

in the extensions section that will appear.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
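
An added example, not part of the original thread: it decodes the DER: bytes from the quoted config to show what the extension value actually contains and why the default dump prints mostly dots, then builds a DER: value that carries text. The helper names are hypothetical, and encoding the text as a UTF8String is an assumption of this example, not something proposed in the thread.

```python
# Added example: decode the DER bytes from the quoted config and build a
# DER: value carrying text instead. Helper names are hypothetical.

POSTED = "06:09:2B:06:01:04:01:D6:1F:87:6A"  # DER: value copied from the post


def read_tlv(der: bytes):
    """Return (tag, content) of one DER TLV that spans the whole input."""
    tag, length, pos = der[0], der[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(der[pos:pos + n], "big")
        pos += n
    content = der[pos:pos + length]
    if len(content) != length or pos + length != len(der):
        raise ValueError("length field does not match the data")
    return tag, content


def decode_oid(content: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets (base-128 arcs)."""
    arcs, value = [], 0
    for byte in content:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(map(str, head + arcs[1:]))


def raw_dump(der: bytes) -> str:
    """Printable ASCII kept, every other byte shown as '.', as in the post."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in der)


def der_utf8string(text: str) -> str:
    """Encode text as a DER UTF8String (tag 0x0C) in openssl.cnf DER: syntax."""
    data = text.encode("utf-8")
    if len(data) > 127:
        raise ValueError("example handles short-form lengths only")
    return "DER:" + ":".join(f"{b:02X}" for b in bytes([0x0C, len(data)]) + data)


der = bytes.fromhex(POSTED.replace(":", ""))
tag, content = read_tlv(der)
print(hex(tag), decode_oid(content), raw_dump(der))
print("1.3.6.1.4.1.9999.1002 = " + der_utf8string("val1=48837774"))
```

The posted bytes decode to an ASN.1 OBJECT IDENTIFIER with value 1.3.6.1.4.1.11039.1002, so the extension carries an OID rather than text. The second printed line is a config entry whose value is a string type that a parsed dump (-certopt ext_parse) can show as text.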