I have just joined this list. So if this is covered in the archives
anywhere, my weak search foo did not uncover it...
Has anyone created iDevID certs with openssl including subjectAltName
with hardwareModuleName?
I have been working on this for a few days and have worked out HOW to
even get certs to contain SAN, particularly going the csr route. I have
learned on the openssl list that HMN is not directly supported and that
you have to use othername. Something like
[ req_ext ]
subjectAltName = otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname
[ hmodname ]
hwType = OID:1.2.3.4 # Whatever OID you want.
hwSerialNum = FORMAT:HEX,OCT:01020304 # Some hex
But I am not sure what exactly to do with hwType and hwSerialNum
Are there any extant examples?
Currently there is no way to feed any SAN value in at the command like
'openssl req'. It has to go into the config file, so once I work out
WHAT to but into these fields, I will have to do some kludgly stuff to
stuff values into the config then run the command. There are examples of
this around for SANs of IP, DNS, etc.
BTW, so far I have a simple guide for making a pki of ECDSA certs using
openssl. I would be willing to share what I have done todate. The
802.1AR cert section is understandably incomplete...
Bob
_______________________________________________
Anima mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/anima
