Hi,
A simple way to add LDAP attributes is to modify the conf file.
To be able to use the certificates for WindowsLogOn it is necessary to have
UPN in the certificate.
By default, in the subject alternative name there is the email.
The UPN must be a unique value, and LDAP also needs a unique value as RDN.
Therefore I have added UID as part of the SubjectDN.
And I wanted this UID to be in the subject alternative name automatically.
So, besides the sub crypto_get_csr_subject_alt_name, I have also changed
editCSR:
    ## subject alternative name
    if ( defined $req->getParsed()->{DN_HASH}->{UID}[0] ) {
        $subjectAltName = "UID:".$req->getParsed()->{DN_HASH}->{UID}[0];
    } elsif ( $parsed_req->{UID} ne "" ) {
        $subjectAltName = "UID:".$parsed_req->{UID}[0];
    } else {
        $subjectAltName = "";
    }
I am not good at Perl and I simply tried by trial and error until I had the result that I wanted.
Now, however, I fear that the changes I made can have disagreeable consequences.
A consequence of the changes in crypto_get_csr_subject_alt_name is that I always have to have UPN in the certificate,
otherwise I receive an openSSL error, since in __SUBJECT_ALT_NAME__,
if it doesn't have othername, openSSL wants a value with an equal.
For the user certificates there is no problem, but for the server certificates I have to have
DNS (netscape) GUID and DNS of the Domain Controller of Windows.
Are these changes scheduled?
I will try to implement them, but ......
Thanks in advance
Giovanna
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
From the installation directory you should edit the files
openca/etc/openssl/openssl/User.conf
or openca/etc/openssl/extfiles/User.conf
-- Dr Dominique LOHEZ ISEN 41, Bd Vauban F59046 LILLE France
Phone : +33 (0)3 20 30 40 71 Email: [EMAIL PROTECTED]
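
One way to build the subjectAltName value discussed in this thread, as an added example that is not part of the original messages or of OpenCA: it emits the UPN and the domain controller GUID as otherName entries, leaves the extension out when there is nothing to put in it, and rejects request-supplied values that would alter the OpenSSL config line. The function names and sample values are assumptions; the two OIDs are Microsoft's identifiers for the UPN and the DC GUID.

```python
import re

# Microsoft OIDs carried as otherName entries in Windows logon certificates.
UPN_OID = "1.3.6.1.4.1.311.20.2.3"     # user principal name (UTF8String)
DC_GUID_OID = "1.3.6.1.4.1.311.25.1"   # domain controller GUID (OCTET STRING)

# Characters that would end the entry, start a comment or expand a variable
# when the value is written into an OpenSSL config file.
_UNSAFE = re.compile(r"[,;=\s\\#$\"']")


def _check(label, value):
    """Reject request-supplied values that could alter the config line."""
    if not value or _UNSAFE.search(value):
        raise ValueError(f"unsafe or empty {label}: {value!r}")
    return value


def build_subject_alt_name(upn=None, email=None, dns_names=(), dc_guid_hex=None):
    """Return the value for 'subjectAltName =', or None if there are no entries."""
    entries = []
    if upn:
        entries.append(f"otherName:{UPN_OID};UTF8:{_check('UPN', upn)}")
    if email:
        entries.append(f"email:{_check('email', email)}")
    for name in dns_names:
        entries.append(f"DNS:{_check('DNS name', name)}")
    if dc_guid_hex:
        # Assumption: the caller passes the 16 GUID bytes as hex, already in
        # the byte order that is to be encoded in the certificate.
        if not re.fullmatch(r"[0-9A-Fa-f]{32}", dc_guid_hex):
            raise ValueError("GUID must be 32 hex digits (16 bytes)")
        entries.append(
            f"otherName:{DC_GUID_OID};FORMAT:HEX,OCTETSTRING:{dc_guid_hex.upper()}"
        )
    return ", ".join(entries) if entries else None


def render_extension_line(**parts):
    """Emit the config line, or an empty string so the extension is omitted."""
    value = build_subject_alt_name(**parts)
    return f"subjectAltName = {value}\n" if value else ""
```
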
