Hello Michael,

Almost there now. I pasted an excerpt of the text dump for that domain
controller cert at the end of this email. It shows the otherName value,
but at the same time it chops the GUID value. I traced it all the way to
this function call "$token->issueCert" in the crypto-utils.lib and it
looks like we have the otherName string complete up to there (both the
hex value of the GUID and the DNS name). My question is, where is this
issueCert sub at? Which module or file is it located in? Thanks in
advance for your help.

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6 (0x6)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Crash Virginia Tech User CA,O=vt,C=US
        Validity
            Not Before: Jul  8 19:44:10 2004 GMT
            Not After : Jul  8 19:44:10 2005 GMT
        Subject: serialNumber=6,CN=server.vt.edu,OU=aid,O=vt,ST=Some-State,C=US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:a8:52:0e:10:6a:39:35:8b:0c:87:b4:8f:cb:5a:
                    fd:8c:c2:b2:f4:da:5c:9b:63:0f:8b:9e:2a:41:14:
                    e7:47:27:4e:7e:d3:62:95:ec:27:93:62:d4:93:d2:
                    b3:80:b8:9f:50:fe:54:21:2d:48:80:17:52:6b:2c:
                    78:e7:0c:f9:63:78:ba:d4:ee:08:51:e4:ca:72:19:
                    e9:04:95:a4:5b:22:3a:22:6d:16:f6:c4:8c:a6:ec:
                    75:62:3b:77:5e:de:13:49:46:46:08:31:5f:28:18:
                    78:c5:0d:14:21:77:c5:e4:92:03:32:4b:fc:e5:21:
                    87:33:f5:22:ad:5b:e7:20:c6:cd:86:58:44:68:50:
                    e3:9a:ef:35:68:20:e8:08:16:86:42:12:57:c7:f6:
                    3e:b5:3a:cb:13:8a:ff:94:62:03:ff:7e:93:a8:47:
                    40:37:ab:d1:55:be:d1:bc:83:9c:fe:93:61:c2:83:
                    ec:45:67:70:7d:a1:cb:5e:ec:b5:17:3d:84:b8:79:
                    03:bc:58:2e:2e:11:9c:d5:03:7f:31:ef:c4:e6:f0:
                    75:35:8f:f6:af:b4:1a:21:d3:4e:83:13:2b:b2:5b:
                    4f:e0:67:c7:b3:de:02:5e:84:31:9c:85:d3:82:36:
                    97:d4:fc:fd:60:6d:96:41:d0:8a:cb:ef:90:1c:31:
                    9e:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Certificate Policies: 
                Policy: 1.2.3.3.4
                  CPS: http://some.url.org/cps

            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Client Authentication, TLS Web Server Authentication
            Netscape Comment: 
                Domain Controller of vt
            1.3.6.1.4.1.311.20.2: 
                . .D.o.m.a.i.n.C.o.n.t.r.o.l.l.e.r
            X509v3 Subject Key Identifier: 
                62:E2:55:5B:76:81:54:81:2E:0D:97:A3:65:87:1C:F5:1F:94:65:84
            X509v3 Authority Key Identifier: 
                keyid:C3:05:42:6C:CE:A6:48:55:AD:CE:44:D9:21:D3:2D:09:EF:F6:8A:4A
                DirName:/C=US/O=vt/CN=Crash Virginia Tech User CA
                serial:CE:4B:67:47:C0:5A:F4:0B

            X509v3 Subject Alternative Name: 
                othername:<unsupported>, DNS:server.vt.edu
            X509v3 Issuer Alternative Name: 
                <EMPTY>

            X509v3 CRL Distribution Points: 
                URI:https://balamood2.cc.vt.edu/crl/cacrl.crl

Best Regards
Bahaa Al-amood


> -----Original Message-----
> From: Michael Bell [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 08, 2004 3:35 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [OpenCA-Devel] Domain Controler
> 
> Hi Bahaa,
> 
> Al-Amood, Bahaaldin wrote:
> 
> > Actually it did issue the certificate but the whole subject alternative
> > name field is empty now
> 
> This is not really correct.
> 
> >             X509v3 Subject Alternative Name:
> >             othername:<unsupported>
> 
> Othername always includes a freestyle OID. So there is no way for
> OpenSSL to know the data representation of this field. Therefore OpenSSL
> prints <unsupported>, which means that OpenSSL does not support a display
> capability for this field. Nevertheless there is some content in this
> field.
> 
> >             X509v3 Issuer Alternative Name:
> >             <EMPTY>
> 
> This only means that your CA cert has no subject alt name.
> 
> Michael
> --
> -------------------------------------------------------------------
> Michael Bell                   Email: [EMAIL PROTECTED]
> ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
> (Computing Centre)                        Fax:  +49 (0)30-2093 2704
> Humboldt-University of Berlin
> Unter den Linden 6
> 10099 Berlin                   Email (private): [EMAIL PROTECTED]
> Germany                                       http://www.openca.org
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> digital self defense, top technical experts, no vendor pitches,
> unmatched networking opportunities. Visit www.blackhat.com
> _______________________________________________
> OpenCA-Devel mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/openca-devel
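
Added example (not part of the original thread, and not OpenCA or OpenSSL code): a small Python DER reader showing that a subjectAltName whose otherName prints as <unsupported> still carries the OID and the GUID octets, so the GUID length can be checked directly. The sample extension, the GUID bytes and the use of OID 1.3.6.1.4.1.311.25.1 with an OCTET STRING value are assumptions constructed for the illustration.

```python
# Added example: minimal DER reader for a subjectAltName extension value.
OID_DC_GUID = bytes.fromhex("2b0601040182371901")  # 1.3.6.1.4.1.311.25.1 (assumed OID)
GUID = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample GUID

def tlv(tag, body):
    assert len(body) < 128            # short-form length is enough for the sample
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                 # long-form length: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, val = [], 0
    for b in body:                    # base-128 arcs, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(str(a) for a in [first, arcs[0] - 40 * first] + arcs[1:])

def parse_san(der):
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("subjectAltName must be a SEQUENCE")
    names, pos = [], 0
    while pos < len(seq):
        tag, body, pos = read_tlv(seq, pos)
        if tag == 0xA0:               # otherName: OID, then [0] EXPLICIT value
            _, oid, nxt = read_tlv(body, 0)
            _, wrapped, _ = read_tlv(body, nxt)
            vtag, value, _ = read_tlv(wrapped, 0)
            names.append(("otherName", decode_oid(oid), vtag, value.hex()))
        elif tag == 0x82:             # dNSName: IA5String
            names.append(("dNSName", body.decode("ascii")))
        else:                         # other GeneralName choices: raw hex only
            names.append(("tag 0x%02x" % tag, body.hex()))
    return names

SAMPLE_SAN = tlv(0x30, tlv(0xA0, tlv(0x06, OID_DC_GUID) + tlv(0xA0, tlv(0x04, GUID)))
                 + tlv(0x82, b"server.vt.edu"))
```

A complete GUID shows up as 32 hex characters in the otherName tuple; a shorter string means the value was cut before the certificate was signed.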


