Re: [openssl-users] Re: adding certificate policies extension in CSR

2013-09-11 Thread Jakob Bohm
One hypothetical sane use for a certificate policy extension in a CSR would be if a CA issues certificates of different types and with different policies (simple example: Regular SSL certs and EV certs). Then putting the corresponding policy in the CSR indicates, protected by the proof-of-possessi

Re: [openssl-users] Re: adding certificate policies extension in CSR

2013-09-09 Thread Willy Weisz
On 09.09.2013 12:13, phildoch wrote:
> Ok. So meanwhile, unless it will be proven that it is illegal,

Looking at the IETF RFCs, none that I found explicitly or implicitly indicated a meaningful use of the certificate policies entry in a CSR. On the other hand the semantics of this entry means

Re: [openssl-users] Re: adding certificate policies extension in CSR

2013-09-09 Thread phildoch
Ok. So meanwhile, unless it will be proven that it is illegal, let's say that for any reason the Certificate requester wants to add a "certificate policies" extension in the CSR. Is this syntax correct? add_ext(exts, NID_certificate_policies, "1.3.6.1"); (based on function mkreq() in file openss

Re: [openssl-users] Re: adding certificate policies extension in CSR

2013-09-09 Thread Erwann Abalea
The requestor is allowed to ask for any extension it wants. The CA will do its job, ignore those requested extensions, and place the good ones in the certificate. It can also change the subject name contained in the certificate.

-- Erwann ABALEA

On 09/09/2013 11:21, phildoch wrote: Oh I s