Hello, Just to let you know, I aslo get othername:<unsupported> on Unix box, but when viewing the certificate in Windows averything is OK. Did you try this Alberto?
Regards Dejan Gambin -----Original Message----- From: Alberto Venturini [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 4:00 PM To: [EMAIL PROTECTED] Subject: [Openca-Users] About Windows domain logon Hi all, since I need to create Windows domain logon certificates with OpenCA, I've read the thread about smartcard logon to win2000 domain, started by Gambin Dejan. I haven't created a role for Domain Controller yet, but I created a role for "Windows Logon", and associated some extensions to it: ######################################################################## ##### keyUsage = digitalSignature, keyEncipherment # Certificate template "SmartcardUser" (bmp string) 1.3.6.1.4.1.311.20.2=DER:1e:1a:00:53:00:6d:00:61:00:72:00:74:00:63:00:61 :00:72:00:64:00:55:00:73:0 # Enhanced Key usage (clientAuth, SmartcardLogon, secureMail) extendedKeyUsage = clientAuth, 1.3.6.1.4.1.311.20.2.2, 1.3.6.1.5.5.7.3.4 #Subject Alternative Name = Other Name: Principal Name= (UPN) subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:${ENV::subjectAltNa me} ######################################################################## ##### Now, Gambin says it should work with openssl 0.9.8 (development snapshot), and now I'm using it (today's snapshot, 20031120. I installed it locally in my home directory, because I didn't want it to overwrite the stable version of openssl - of course I changed 'openssl' path in OpenCA's configuration files), but I get this extension: X509v3 Subject Alternative Name: othername:<unsupported> Anyone tried it and got this 'subjectAltName' working? Thank you, Alberto ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
