Hopefully this is a straight forward question: Are the "jursidictionOfIncorporation" OIDs supported in the current version of openSSL (Linux)? The ones I'm referring to are:
1.3.6.1.4.1.311.60.2.1.1 jurisdictionOfIncorporationLocalityName 1.3.6.1.4.1.311.60.2.1.2 jurisdictionOfIncorporationStateOrProvinceName 1.3.6.1.4.1.311.60.2.1.3 jurisdictionOfIncorporationCountryName ...which are required for Extended Validation (EV) certificates. I'm currently using openSSL 1.0.1e-fips on Fedora 20, and I have these OIDs specified in the [new_oids] section in openssl.cnf like this: jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1 jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2 jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3 Also, referring to this web page (from 2010): http://www.frank4dd.com/howto/openssl/add_oids_to_openssl.htm ...I looked in crypto/objects/objects.txt in the 1.0.1e source tree, and they were not listed in that file with other OIDs. I also looked at the 1.0.1f source tree with the same result. The issue I'm having is that they don't show up in the Subject line in the certificate when specified in the -subj string, while all other OIDs specified in the same -subj string do show up. They are just ignored, with no error message. I'm just trying to understand why these are required for an EV certificate, yet they don't seem to be supported by openSSL, at least on Linux. Any information that can help me clear this up would be appreciated. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
