On 02/07/2014 04:11 PM, Walter H. wrote: > On 07.02.2014 21:04, Tom Pfeifer wrote: >> ...which are required for Extended Validation (EV) certificates. I'm >> currently using openSSL 1.0.1e-fips on Fedora 20, and I have these OIDs >> specified in the [new_oids] section in openssl.cnf like this: >> >> jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1 >> jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2 >> jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3 >> >> Also, referring to this web page (from 2010): >> http://www.frank4dd.com/howto/openssl/add_oids_to_openssl.htm >> >> ...I looked in crypto/objects/objects.txt in the 1.0.1e source tree, and >> they were not listed in that file with other OIDs. I also looked at the >> 1.0.1f source tree with the same result. >> >> The issue I'm having is that they don't show up in the Subject line in >> the certificate when specified in the -subj string, while all other OIDs >> specified in the same -subj string do show up. They are just ignored, >> with no error message. > You have to expand the [ policy_default ] or other section of your > choice with something similar to > > jurisdictionOfIncorporationLocalityName = optional > jurisdictionOfIncorporationStateOrProvinceName = optional > jurisdictionOfIncorporationCountryName = optional > > Walter >
OK, thanks very much for that info. I'll look into that. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
