Hi Stefan,

On 2013-05-08, at 5:58 AM, Stefan H. Holek wrote:

> Hi Patrick,
> 
> The 'keyid' keyword in this case means 'copy from signing cert'. To add 
> arbitrary values to certificate extensions, you must use the 'arbitrary 
> extension format':
> 
> http://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS
> http://www.openssl.org/docs/crypto/ASN1_generate_nconf.html#GENERATION_STRING_FORMAT
> 

Thanks for pointing me in the right direction. In case anyone has to do this 
again, the correct incantation appears to be:

[ user_with_bad_aki ]
authorityKeyIdentifier          = ASN1:SEQUENCE:bad_aki

[ bad_aki ]
keyIdentifier = FORMAT:HEX,EXPLICIT:0,OCTETSTRING:0102030405060708090A

Cheers,

---
Patrick Patterson
Chief PKI Architect
Carillon Information Security Inc.
http://www.carillon.ca





______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
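
Added example, not part of the original thread or of OpenSSL: a Python sketch of the DER bytes that the EXPLICIT:0 and IMPLICIT:0 tagging modifiers yield for the key identifier in the config above, plus a strict reader of the kind a validator can use to compare a certificate's authorityKeyIdentifier with the issuer's subjectKeyIdentifier. All function names are hypothetical, only short-form DER lengths are handled, and the issuer values in the checks are constructed.

```python
# Added example: DER for an AuthorityKeyIdentifier value (short-form lengths only).
KEY_ID = bytes.fromhex("0102030405060708090A")  # hex value from the config above

def tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV; short-form length (< 128 bytes) is enough here."""
    if len(body) > 127:
        raise ValueError("long-form lengths not handled in this sketch")
    return bytes([tag, len(body)]) + body

def aki_explicit(key_id: bytes) -> bytes:
    # EXPLICIT:0 -> constructed [0] wrapper (0xA0) around a full OCTET STRING (0x04)
    return tlv(0x30, tlv(0xA0, tlv(0x04, key_id)))

def aki_implicit(key_id: bytes) -> bytes:
    # IMPLICIT:0 -> OCTET STRING tag replaced by primitive [0] (0x80), as in RFC 5280
    return tlv(0x30, tlv(0x80, key_id))

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, body, next_pos); reject truncated or long-form input."""
    if pos + 2 > len(buf) or buf[pos + 1] > 127:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("length runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def key_identifier(ext_value: bytes) -> bytes:
    """Extract keyIdentifier from an AKI extension value, strict on tagging."""
    tag, seq, end = read_tlv(ext_value)
    if tag != 0x30 or end != len(ext_value):
        raise ValueError("AKI must be exactly one SEQUENCE")
    tag, body, _ = read_tlv(seq)
    if tag != 0x80:
        raise ValueError(f"keyIdentifier absent or tagged 0x{tag:02X}, not 0x80")
    return body

def aki_matches_issuer(ext_value: bytes, issuer_ski: bytes) -> bool:
    """Chain check: subject AKI keyIdentifier must equal the issuer's SKI."""
    try:
        return key_identifier(ext_value) == issuer_ski
    except ValueError:
        return False

if __name__ == "__main__":
    print(aki_explicit(KEY_ID).hex())
    print(aki_implicit(KEY_ID).hex())
```
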
