Re: [OpenCA-Devel] Rewriting SCEP CSR

Mon, 21 Feb 2005 04:23:32 -0800 

Hi Oli,

> We have to set some fields on the request manually and want to automate
> this. The modificatiosn are:
>
> Setting
> unstructuredName=ipsec-test.test.corp+unstructuredAddress=1.1.1.1,OU=...
>
> to
> unstructuredAddress=1.1.1.1,unstructuredName=ipsec-test.test.corp,OU=...
>
> So just creating two Values from the one seperated by "+"
>
> And we must set two values in the Subject Alternativ Name...
>
> I tried to make the modifications by just setting the correct attributes
> in the database - is this sufficient (seems to work) or anybody knwos a
> better place to put this ?

roughly the same requirement here, we have to extract some data
from the CN, construct a SubjectAltName from this, modify the
CSR data to conform to a certain naming scheme.
Better yet: only use the CN of the request, throw away the rest of
the DN and build the DN from the default settings in the config file.

If you need this too, I think we should work together on building
a solution that is flexible enough to support not only our
requirements but a broader range.

It is possible to provide an initially edited CSR by simply inserting
the corresponding fields to the CSR to be inserted into the DB,
e. g. if you include

SUBJECT_ALT_NAME = DNS:foo.example.com

within the CSR header entry then the resulting cert will include it.

Martin



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
OpenCA-Devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-devel

Reply via email to