Hi all, I'm trying to add the x500UniqueIdentifier attrib to a cert request, and/or at the signing stage, but am not having success. Using 0.9.8c, the [x509_extensions] attrib:
x500UniqueIdentifier = 'foo' causes: Error Loading extension section local_ca_extensions 1972:error:0E06D06C:configuration file routines:NCONF_get_string:no value:.\crypto\conf\conf_lib.c:329:group=local_ca name=email_in_dn 1972:error:22097081:X509 V3 routines:DO_EXT_NCONF:unknown extension:.\crypto\x509v3\v3_conf.c:129: 1972:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:.\crypto\x509v3\v3_conf.c:93:name=x500UniqueIdentifier, value=foo Apparently this is just because in my build I do not have an OID/name mapping for x500UniqueIdentifier (also tried uniqueIdentifier), however manually entered OID values (1.2.3 etc) also are not accepted. My questions are: 1) is there a doc that describes how to add custom attributes? 2) why would x500UniqueIdentifier and uniqueIdentifier not be present in 0.9.8, or am I just mis-placing the attrib? 3) Has anyone also embedded logos (RFC 3709), useful (someday) for client certs, like for signing and authentication. Also apparently useful in server certs. Thank you very much, Ken ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
