Re: Java keytool certgen - Alertnative Subject Name
That did the trick... thanks. -dname "C=US,ST=CA,L=Cupertino,O=Apple\ Computer,OU=MyUnit,CN=MyServer,OID.2.5.4.13=1495543419" -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Java keytool certgen - Alertnative Subject Name
On 2017-05-24 02:39, Roger Dunn wrote: We are moving from OpenSSL to Java to handle CSRs for our CA. Our devices require a custom 'description' field as part of the Subject sequence. (Related link) https://linux.die.net/man/3/x509_name_get_text_by_nid The following command line fails (we are using a HSM but that's not relevant to the question) java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -certreq -alias myalias -file c:\mycerts\certs\cert23may.csr.pem -keypass 00 -dname "C=US,ST=CA,L=Cupertino,O=Apple\ Computer,OU=MyUnit,CN=MyServer,description=1495543419" -keystore c:\mycerts\private\may18_2017.ncsw -sigalg SHA256withECDSA -storepass 00 -storetype nCipher.sworld keytool error: java.io.IOException: Invalid keyword "DESCRIPTION" My guess is that it doesn't know the OID for description, which seems to be 2.5.4.13. Kurt -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Java keytool certgen - Alertnative Subject Name
We are moving from OpenSSL to Java to handle CSRs for our CA. Our devices require a custom 'description' field as part of the Subject sequence. (Related link) https://linux.die.net/man/3/x509_name_get_text_by_nid The following command line fails (we are using a HSM but that's not relevant to the question) java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -certreq -alias myalias -file c:\mycerts\certs\cert23may.csr.pem -keypass 00 -dname "C=US,ST=CA,L=Cupertino,O=Apple\ Computer,OU=MyUnit,CN=MyServer,description=1495543419" -keystore c:\mycerts\private\may18_2017.ncsw -sigalg SHA256withECDSA -storepass 00 -storetype nCipher.sworld keytool error: java.io.IOException: Invalid keyword "DESCRIPTION" Similar OpenSSL command: openssl req -config openssl_cp2.cnf -new -days 9100 -key /mycerts/private/private.key.pem -out /certs/csr/my.csr.pem -subj "/C=US/ST=CA/L=Cupertino/O=Apple\ Computer/OU=MyUnit/CN=MyServer/description=1495543419" -verify I've dug around and have not found a way to get Java keytool to take the custom description= field. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto