since I need to create Windows domain logon certificates with OpenCA,
I've read the thread about smartcard logon to win2000 domain, started by
Gambin Dejan.
I haven't created a role for Domain Controller yet, but I created a role for "Windows Logon", and associated some extensions to it:
############################################################################# keyUsage = digitalSignature, keyEncipherment
# Certificate template "SmartcardUser" (bmp string)
1.3.6.1.4.1.311.20.2=DER:1e:1a:00:53:00:6d:00:61:00:72:00:74:00:63:00:61:00:72:00:64:00:55:00:73:0
# Enhanced Key usage (clientAuth, SmartcardLogon, secureMail) extendedKeyUsage = clientAuth, 1.3.6.1.4.1.311.20.2.2, 1.3.6.1.5.5.7.3.4
#Subject Alternative Name = Other Name: Principal Name= (UPN)
subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:${ENV::subjectAltName}
#############################################################################Now, Gambin says it should work with openssl 0.9.8 (development
snapshot), and now I'm using it (today's snapshot, 20031120. I installed it locally in my home directory, because I didn't want it to overwrite the stable version of openssl - of course I changed 'openssl' path in OpenCA's configuration files), but I get this extension:
X509v3 Subject Alternative Name:
othername:<unsupported>Anyone tried it and got this 'subjectAltName' working? Thank you, Alberto
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
