Hello,

I have the requirement to embed a custom extension in an X.509 certificate. This extension should carry role information about the role of the certificate owner. A single role should be expressed with an IA5String value like "User". It must be possible for a user to have multiple roles like "User", "Administrator" etc. I want to register a custom OID for my role attribute. This is the ASN.1 definition:

    Extension ::= SEQUENCE {
        extnID = {custom OID}
        critical = false
        extnValue ::= OCTET STRING (CONTAINING Role)
    }

    Role ::= IA5String

(I don't know how to specify in ASN.1 syntax that Role can have multiple values...)

Now when it comes to certificate creation with openssl, I'm not sure how to enter my extension and its value(s) correctly into the cert. I read the manpage of ASN1_generate_nconf and openssl.txt but I'm still confused. Here is what I think I have to do:

1) Add the new OID to openssl.cnf, [ new_oids ], as

    my_role_extension = x.x.x.x.x

and later enter the value(s):

2)

    x.x.x.x.x=ASN1:IA5String:section

    [section]
    role.1=User
    role.2=Administrator

Is the 2nd step correct? Especially when it comes to entering multiple values (in this example User and Administrator) for the same field (role)? Is the syntax correct?

Thanks in advance for any help!

Jan
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
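
An added example, not part of the original post: one way to carry several roles in a single extension value is to model it as a SEQUENCE OF IA5String, DER-encode that, and hand the bytes to OpenSSL through the `DER:` value form that extension sections accept for arbitrary OIDs. The ASN.1 shape, the placeholder OID 1.2.3.4.5 and all function names are assumptions; the decoder shows the strict checks a relying party would apply before using the roles for authorization.

```python
# Added example; assumes the role list is modelled as  Roles ::= SEQUENCE OF IA5String.
PLACEHOLDER_OID = "1.2.3.4.5"  # placeholder, not a registered OID

def _tlv(tag, content):
    # DER definite length: short form below 128, minimal long form otherwise
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + head + content

def encode_roles(roles):
    items = b"".join(_tlv(0x16, r.encode("ascii")) for r in roles)  # IA5String
    return _tlv(0x30, items)  # SEQUENCE

def _read(buf, pos):
    # Return (tag, content, next_pos); reject truncated or non-minimal lengths.
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n >= 0x80:
        k = n & 0x7F
        if k == 0 or pos + k > len(buf) or buf[pos] == 0:
            raise ValueError("bad length")
        n = int.from_bytes(buf[pos:pos + k], "big")
        if n < 0x80:
            raise ValueError("non-minimal length")
        pos += k
    if pos + n > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + n], pos + n

def decode_roles(der):
    tag, body, end = _read(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    roles, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read(body, pos)
        if tag != 0x16 or max(val, default=0) > 0x7F:
            raise ValueError("expected IA5String")
        roles.append(val.decode("ascii"))
    return roles

def config_line(roles, oid=PLACEHOLDER_OID):
    # OpenSSL extension sections accept raw DER as  oid = DER:hh:hh:...
    return f"{oid}=DER:" + ":".join(f"{b:02X}" for b in encode_roles(roles))
```

`config_line(["User", "Administrator"])` returns the line to place in the extension section of openssl.cnf; OpenSSL wraps those bytes in the extnValue OCTET STRING itself.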