Re: X509 extensions

2006-02-08 Thread Girish Venkatachalam
There is a utility called "certpatch" developed by OpenBSD folks for including the SubjAltName extension. I have modified it a little bit to suit my need. This utility modifies the certificate in place and regenerates the hash. Perhaps you can modify it a little to suit your need. If all you nee

Re: X509 extensions

2006-02-08 Thread Kyle Hamilton
...you can't, without re-signing the certificate. (changing the certificate data invalidates the signed hash.) However, if you want to, you can use openssl x509 -x509toreq -in currentcert.pem -out currentcert.req . Then, create a new configuration template file with the information you want to r

RE: X509 extensions checking.

2001-12-26 Thread Alexey Kobozev
Hi!
> Err start again :-)
Oops, sorry, I didn't see thread about it.
> Purpose checking is done automatically in the newer releases of OpenSSL
> as part of the client certificate verify process, including checking
> extendedKeyUsage.
>
> Several checks take place, currently documented in the x

Re: X509 extensions checking.

2001-12-26 Thread Dr S N Henson
Alexey Kobozev wrote:
>
> Hi, All!
>
> Suppose I have a SSL server and I want to check the purpose of
> the client certificate, which means that I need to check the
> enhancedKeyUsage contents. What I've done is enumerated the
> X509 extensions by X509_get_ext_count() and X509_get_ext(),
> found