On Thu, Jun 23, 2005, Dr. Rodney McDuff wrote: > Hi > I'm try to add multiple caIssuers and OCSP entries to my > authorityInfoAccess attribute and I am having some difficulties with > getting the right openssl.cnf syntax. I want to add the following (Note > LDAP URIs and nasty commas) > > caIssuers;http://server1.domain/certs/ca-certs.p7b > caIssuers;http://server2.domain/certs/ca-certs.p7b > caIssuers;ldap://server1.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary > caIssuers;ldap://server2.domain/CN=My%20CA,o=ORG,c=AU?crossCertificatePair;binary > OCSP;http://server1.domain/ocsp > OCSP;http://server2.domain/ocsp > > How is it done? >
To use commas the @section form is mandatory. You also need to keep the LHS unique so something like this should do the trick: [EMAIL PROTECTED] ... [aia_sect] OCSP;URI.1=http://www.some.responder.org/ OCSP;URI.2=http://www.some.other-responder.org/ caIssuers;URI.3=http://server.whatever.org/cert-path caIssuers;URI.4=ldap://server.whatever.org/xxx,yyy Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
