Re: [openssl-users] Displaying subjectAtlName othername content

2017-08-14 Thread Robert Moskowitz



On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:

> ➢ Is there any way to display the basic ASN.1 structure here so I can see
> what was stored in the cert?
>
> openssl asn1parse


Humpf.  I looked at that a few times and did not see the obvious. Sigh.

So some progress.  using -i and got:

  573:d=5  hl=2 l=   3 prim:  OBJECT:X509v3 Subject Alternative Name
  578:d=5  hl=2 l=  29 prim:  OCTET STRING  [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304


Added -strparse 578 and got:

    0:d=0  hl=2 l=  27 cons: SEQUENCE
    2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
    4:d=2  hl=2 l=   8 prim:   OBJECT:1.3.6.1.5.5.7.8.4
   14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
   16:d=3  hl=2 l=  11 cons:    SEQUENCE
   18:d=4  hl=2 l=   3 prim:     OBJECT:1.2.3.4
   23:d=4  hl=2 l=   4 prim:     OCTET STRING  [HEX DUMP]:01020304

Since I don't know that SubjectAltName content will always start at 578,
I have to do the asn1parse in two steps.


It is a start...

Again, Thanks

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
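
The 29-byte extension value quoted in the message above can also be decoded directly, independent of where it sits in the certificate. The following is an added example, not code from the thread or from OpenSSL: a minimal Python DER walker over that hex dump which extracts each otherName and decodes the RFC 4108 HardwareModuleName (type-id 1.3.6.1.5.5.7.8.4) it carries. All function names are hypothetical, and it assumes definite-length DER with single-byte tags.

```python
# Added example, not code from the thread. SAN_HEX is the hex dump quoted above.
SAN_HEX = "301BA01906082B06010505070804A00D300B06032A0304040401020304"

def read_tlv(buf, pos):  # -> (tag, value, next_pos); rejects inconsistent lengths
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F:
        raise ValueError("truncated header or unsupported multi-byte tag")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yields (tag, value) for each TLV inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(val):  # OBJECT IDENTIFIER contents -> dotted string
    if not val or val[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if b < 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first, *arcs[1:]]))

def other_names(san_der):  # yields (type-id, wrapped value) per otherName entry
    tag, names, end = read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("expected exactly one GeneralNames SEQUENCE")
    for tag, val in children(names):
        if tag == 0xA0:  # [0] = otherName; other tags are dNSName, iPAddress, ...
            (oid_tag, oid), (wrap_tag, wrapped) = children(val)
            if (oid_tag, wrap_tag) != (0x06, 0xA0):
                raise ValueError("malformed OtherName")
            yield decode_oid(oid), wrapped

def hardware_module_name(wrapped):  # RFC 4108: SEQUENCE { hwType OID, hwSerialNum OCTET STRING }
    ((seq_tag, seq),) = children(wrapped)
    (t1, hw_type), (t2, serial) = children(seq)
    if (seq_tag, t1, t2) != (0x30, 0x06, 0x04):
        raise ValueError("not a HardwareModuleName")
    return decode_oid(hw_type), serial.hex()
```

`list(other_names(bytes.fromhex(SAN_HEX)))` gives one entry with type-id 1.3.6.1.5.5.7.8.4, and `hardware_module_name()` on its value returns the hwType 1.2.3.4 and serial 01020304 seen in the `-strparse` output.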


Re: [openssl-users] Displaying subjectAtlName othername content

2017-08-14 Thread Jakob Bohm

On 14/08/2017 20:55, Robert Moskowitz wrote:
> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>> ➢ Is there any way to display the basic ASN.1 structure here so I can see
>> what was stored in the cert?
>>
>> openssl asn1parse
>
> Humpf.  I looked at that a few times and did not see the obvious. Sigh.
>
> So some progress.  using -i and got:
>
>   573:d=5  hl=2 l=   3 prim:  OBJECT:X509v3 Subject Alternative Name
>   578:d=5  hl=2 l=  29 prim:  OCTET STRING  [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>
> Added -strparse 578 and got:
>
>     0:d=0  hl=2 l=  27 cons: SEQUENCE
>     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
>     4:d=2  hl=2 l=   8 prim:   OBJECT :1.3.6.1.5.5.7.8.4
>    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
>    16:d=3  hl=2 l=  11 cons:    SEQUENCE
>    18:d=4  hl=2 l=   3 prim:     OBJECT:1.2.3.4
>    23:d=4  hl=2 l=   4 prim:     OCTET STRING  [HEX DUMP]:01020304
>
> Since I don't know that SubjectAltName content will always start at
> 578, I have to do the asn1parse in two steps.
>
> It is a start...

Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
automatically descends into these structures.  However it requires that
you convert from Base64 to binary before calling it.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] Displaying subjectAtlName othername content

2017-08-14 Thread Salz, Rich via openssl-users
➢ Is there any way to display the basic ASN.1 structure here so I can see 
what was stored in the cert?

openssl asn1parse




[openssl-users] Displaying subjectAtlName othername content

2017-08-14 Thread Robert Moskowitz
I am now working on using the othername option.  I see it go in, but I 
can't display it.  All I get is:


X509v3 Subject Alternative Name:
othername:

I seem to recall encountering some way to display this in a google 
search, but I have not found that search yet in my history.


Is there any way to display the basic ASN.1 structure here so I can see 
what was stored in the cert?


thanks

Bob



Re: [openssl-users] OpenSSL used in our network engine (SLikeNet)

2017-08-14 Thread Stefan Hett
Hi Rich,

On 8/14/2017 14:53, Salz, Rich via openssl-users wrote:
> ➢ I'd just like to quickly reach out to let you know that we released a new 
> (open source) network engine in which we also utilize the OpenSSL library and 
> want to thank you for the work you put into OpenSSL.
> 
>
> Congratulations.  Please post a link, especially since it is open source!
>
Thanks. So if you are really fine with that, here's the link:

Project page: https://www.slikesoft.com/?page_id=1221=de
Also available on GitHub: https://github.com/SLikeSoft/SLikeNet

-- 
Regards,
Stefan Hett



Re: [openssl-users] Displaying subjectAtlName othername content

2017-08-14 Thread Jakob Bohm

On 14/08/2017 21:38, Robert Moskowitz wrote:
> On 08/14/2017 03:28 PM, Jakob Bohm wrote:
>> On 14/08/2017 20:55, Robert Moskowitz wrote:
>>> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>>>> ➢ Is there any way to display the basic ASN.1 structure here so I can see
>>>> what was stored in the cert?
>>>>
>>>> openssl asn1parse
>>>
>>> Humpf.  I looked at that a few times and did not see the obvious. Sigh.
>>>
>>> So some progress.  using -i and got:
>>>
>>>   573:d=5  hl=2 l=   3 prim:  OBJECT:X509v3 Subject Alternative Name
>>>   578:d=5  hl=2 l=  29 prim:  OCTET STRING  [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>>>
>>> Added -strparse 578 and got:
>>>
>>>     0:d=0  hl=2 l=  27 cons: SEQUENCE
>>>     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
>>>     4:d=2  hl=2 l=   8 prim:   OBJECT :1.3.6.1.5.5.7.8.4
>>>    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
>>>    16:d=3  hl=2 l=  11 cons:    SEQUENCE
>>>    18:d=4  hl=2 l=   3 prim:     OBJECT:1.2.3.4
>>>    23:d=4  hl=2 l=   4 prim:     OCTET STRING  [HEX DUMP]:01020304
>>>
>>> Since I don't know that SubjectAltName content will always start at
>>> 578, I have to do the asn1parse in two steps.
>>>
>>> It is a start...
>>
>> Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
>> automatically descends into these structures.  However it requires that
>> you convert from Base64 to binary before calling it.
>
> And build your own version of openssl!  I am too far behind on this and
> other work to invest more time building my own modules.  Sigh.
>
> Thanks, though.  Perhaps get to it later.

dumpasn1.c is a useful ready-to-use tool that just needs a trivial
compile from a single file to a program for your computer type.  It has
saved me a lot of time over the years.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


Re: [openssl-users] Displaying subjectAtlName othername content

2017-08-14 Thread Robert Moskowitz



On 08/14/2017 03:28 PM, Jakob Bohm wrote:
> On 14/08/2017 20:55, Robert Moskowitz wrote:
>> On 08/14/2017 02:04 PM, Salz, Rich via openssl-users wrote:
>>> ➢ Is there any way to display the basic ASN.1 structure here so I can see
>>> what was stored in the cert?
>>>
>>> openssl asn1parse
>>
>> Humpf.  I looked at that a few times and did not see the obvious. Sigh.
>>
>> So some progress.  using -i and got:
>>
>>   573:d=5  hl=2 l=   3 prim:  OBJECT:X509v3 Subject Alternative Name
>>   578:d=5  hl=2 l=  29 prim:  OCTET STRING  [HEX DUMP]:301BA01906082B06010505070804A00D300B06032A0304040401020304
>>
>> Added -strparse 578 and got:
>>
>>     0:d=0  hl=2 l=  27 cons: SEQUENCE
>>     2:d=1  hl=2 l=  25 cons:  cont [ 0 ]
>>     4:d=2  hl=2 l=   8 prim:   OBJECT :1.3.6.1.5.5.7.8.4
>>    14:d=2  hl=2 l=  13 cons:   cont [ 0 ]
>>    16:d=3  hl=2 l=  11 cons:    SEQUENCE
>>    18:d=4  hl=2 l=   3 prim:     OBJECT:1.2.3.4
>>    23:d=4  hl=2 l=   4 prim:     OCTET STRING  [HEX DUMP]:01020304
>>
>> Since I don't know that SubjectAltName content will always start at
>> 578, I have to do the asn1parse in two steps.
>>
>> It is a start...
>
> Try using dumpasn1.c by Peter Gutmann instead, it has nicer output and
> automatically descends into these structures.  However it requires that
> you convert from Base64 to binary before calling it.

And build your own version of openssl!  I am too far behind on this and 
other work to invest more time building my own modules.  Sigh.


Thanks, though.  Perhaps get to it later.

Bob



Re: [openssl-users] 802.1AR certificate generation and the config file

2017-08-14 Thread Michael Ströder
Robert Moskowitz wrote:
> I am getting a SAN in the csr e.g.:
> 
> Attributes:
> Requested Extensions:
> X509v3 Subject Alternative Name:
> IP Address:192.168.2.1
> [..]
> But I am not getting SAN in the cert.  Perhaps I need something for SAN in the
> -extensions section?  Right now I only have:

Are you using "openssl ca" for signing the cert?

If yes, you could add the line

copy_extensions = copy

to your CA config section.

http://cmrg.fifthhorseman.net/wiki/SubjectAltName

https://wiki.openssl.org/index.php/Manual:Ca%281%29#CONFIGURATION_FILE_OPTIONS

Ciao, Michael.





Re: [openssl-users] OpenSSL used in our network engine (SLikeNet)

2017-08-14 Thread Salz, Rich via openssl-users
➢ I'd just like to quickly reach out to let you know that we released a new 
(open source) network engine in which we also utilize the OpenSSL library and 
want to thank you for the work you put into OpenSSL.


Congratulations.  Please post a link, especially since it is open source!



Re: [openssl-users] 802.1AR certificate generation and the config file

2017-08-14 Thread Robert Moskowitz



On 08/14/2017 07:16 AM, Michael Ströder wrote:
> Robert Moskowitz wrote:
>> I am getting a SAN in the csr e.g.:
>>
>> Attributes:
>> Requested Extensions:
>> X509v3 Subject Alternative Name:
>> IP Address:192.168.2.1
>> [..]
>> But I am not getting SAN in the cert.  Perhaps I need something for SAN in the
>> -extensions section?  Right now I only have:
>
> Are you using "openssl ca" for signing the cert?

Yes, I am.

> If yes, you could add the line
>
> copy_extensions = copy
>
> to your CA config section.
>
> http://cmrg.fifthhorseman.net/wiki/SubjectAltName
>
> https://wiki.openssl.org/index.php/Manual:Ca%281%29#CONFIGURATION_FILE_OPTIONS
>
> Ciao, Michael.


Thanks.  That works.  Now that I can get a SAN into the certs I need to 
research using othername and what a hardwaremodulename OID looks like 
and make it happen.  Got to google some and ask around more.


Again thanks for helping me get this far.

Bob
