Hi,

I'm trying to generate a certificate request using the --extSAN option but
am running into issues with the formatting of the inputs.

For example, if I'm trying to add an "other" SAN with an OID identifier
like 1.3.6.1.4.1.311.20.2.3, other utilities like OpenSSL or
certreq.exe require you to specify the data type of the value. However,
the certutil documentation does not point out anything along those
lines.

In OpenSSL, I would write something like this in the config file:

SubjectAltName=otherName:1.3.6.1.4.1.311.20.2;UTF8:john....@example.com

Certutil documentation doesn't explain where or if the "UTF8" portion
should be included.

If I use --extSAN like this:

--extSAN other:1.3.6.1.4.1.311.20.2;john....@example.com

The result is a certificate request with a broken extension. The subject
alt name looks like gibberish when I display it with OpenSSL and my CA
rejects the cert request as invalid.

Is there a specific way I should be formatting this that isn't in the
documentation?

Thanks!
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
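
For reference on why the data type matters, here is an added example (not part of the original post, and not a statement about what certutil emits) that builds the RFC 5280 DER for an otherName SAN with the OID from the post and checks that the value is a properly tagged UTF8String. The sample address and all function names are assumptions made for illustration.

```python
UPN_OID = "1.3.6.1.4.1.311.20.2.3"  # OID quoted in the post
SAMPLE = "user@example.com"         # constructed sample value

def tlv(tag, body):
    """Encode one DER tag-length-value (long-form length when >= 128)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]          # base-128, high bit marks continuation
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def other_name(oid, value_der):
    """GeneralName otherName: [0] { type-id OID, value [0] EXPLICIT ANY }."""
    return tlv(0xA0, encode_oid(oid) + tlv(0xA0, value_der))

def read_tlv(buf, off=0):
    """Return (tag, body, next_offset); ValueError if the length overruns."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    if off + n > len(buf):
        raise ValueError("length runs past end of data")
    return tag, buf[off:off + n], off + n

def check_other_name(der, oid=UPN_OID):
    """Return the string if der is otherName(oid, UTF8String), else raise."""
    tag, seq, _ = read_tlv(der)
    _, _, off = read_tlv(seq)
    wrap_tag, wrapped, _ = read_tlv(seq, off)
    if tag != 0xA0 or seq[:off] != encode_oid(oid) or wrap_tag != 0xA0:
        raise ValueError("not an otherName with the expected type-id")
    vtag, text, end = read_tlv(wrapped)
    if vtag != 0x0C or end != len(wrapped):
        raise ValueError("value is not a single UTF8String")
    return text.decode("utf-8")
```

`check_other_name(other_name(UPN_OID, tlv(0x0C, SAMPLE.encode())))` returns the string, while passing `SAMPLE.encode()` without the `tlv(0x0C, ...)` wrapper raises `ValueError`, because the first bytes of the text are then read as a tag and length.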
