Ok I was able to get openssl to generate a cert. Now when I got to asn1parse
-strparse the Subject Alternative Name I get:
0:d=0 hl=2 l= 47 cons: SEQUENCE
2:d=1 hl=2 l= 45 cons: cont [ 0 ]
4:d=2 hl=2 l= 6 prim: OBJECT :1.3.6.1.5.2.2
12:d=2 hl=2 l= 35 cons: cont [ 0 ]
14:d=3 hl=2 l= 33 cons: SEQUENCE
16:d=4 hl=2 l= 10 cons: cont [ 0 ]
18:d=5 hl=2 l= 8 prim: GENERALSTRING
28:d=4 hl=2 l= 19 cons: cont [ 1 ]
30:d=5 hl=2 l= 17 cons: SEQUENCE
32:d=6 hl=2 l= 3 cons: cont [ 0 ]
34:d=7 hl=2 l= 1 prim: INTEGER :01
37:d=6 hl=2 l= 10 cons: cont [ 1 ]
39:d=7 hl=2 l= 8 cons: SEQUENCE
41:d=8 hl=2 l= 6 prim: GENERALSTRING
Is that has far as I will be able to see or is there a way to parse out the
rest?
Thanks,
Bram
On 2010-08-08, at 3:41 PM, Bram Cymet wrote:
> I have attempted a number of different command line commands. They are all
> similar to:
>
> openssl x509 -extfile req.conf -extensions client_cert -in bcymet-cert.pem
> -out test.pem
>
> openssl x509 -req -in req.pem -sha1 -extfile req.conf -extensions client_cert
> -CA CA.pem -CAkey cakey.pem -out test.pem
>
> Can you give me an example of how to create the cert or a req with the
> extensions?
>
> Thanks,
>
> Bram
>
> On 2010-08-08, at 8:38 AM, Dr. Stephen Henson wrote:
>
>> On Fri, Aug 06, 2010, Bram Cymet wrote:
>>
>>> It complains about the client_cert section.
>>>
>>> Attached is the conf file.
>>>
>>> I am using openssl 1.0.0.
>>>
>>
>> That's odd, I just tried it on the latest 1.0.0-stable (1.0.0a should be near
>> enough) and other than the typo for prompt it works fine.
>>
>> What command line are you using?
>>
>> Steve.
>> --
>> Dr Stephen N. Henson. OpenSSL project core developer.
>> Commercial tech support now available see: http://www.openssl.org
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager majord...@openssl.org
>
