Re: [Openca-Users] problem to add an item in the certificate's subject

[val bon]

Hi,

 

why not ??? Tanks for your answer, I make the research too....

 

I found that the problem is in the function named issueCert, if it's a problem... This function is in crypto_create_cert function (..../Openca/lib/functions/crypto-utils.lib). The source is this :

 

sub crypto_create_cert

{

  our ($errno, $errval, $tools, $cryptoShell);

  my $keys = { @_ };

  my $tmpdir = getRequired ('TempDir');

  my $newCertsDir = getRequired('NewCertsDir');

  my $ser = crypto_get_next_cert_serial ();

  my $token = $keys->{TOKEN};

  my $csr = $keys->{CSR};

  my $days = $csr->getParsed()->{HEADER}->{DAYS};

  my $notafter = $csr->getParsed()->{HEADER}->{CERT_NOTAFTER};

  my $notbefore = $csr->getParsed()->{HEADER}->{CERT_NOTBEFORE};

 

  $days = 0 if (length ($notafter));

  $notafter .= "Z" if (length ($notafter));

  $notbefore .= "Z" if (length ($notbefore));

 

  if ($days or $notafter or $notbefore) {

    ## Issue the Certificate with individual lifetime

    if ( not $token->issueCert( REQFILE => "$tmpdir/${ser}.req",

                                          SUBJECT => $keys->{SUBJECT},

                                          INFORM => $keys->{FORMAT},

                                          EXTFILE => $keys->{EXTFILE},

                                          DAYS => $days,

                                          START_DATE => $notbefore,

                                          END_DATE => $notafter,

                                          PRESERVE_DN => "Y",

                                          NOUNIQUEDN => crypto_is_unique_subject()) )

    {

......

 

crypto_create_cert is called in libIssueCertificate function. I looked the value of $keys->{SUBJECT} before entering in issueCert, and I retrieved my new "special" item "T=". But, in certificate, it's not present !!!!

 

Where can I found the issueCert function ???

 

Val

Johnny Gonzalez <[EMAIL PROTECTED]> wrote:

Hello,

 

Well, AFAIK you should add the oids in the openssl you are using in your CA to issue the certificates, that way your certificates will contain the especial fields you want to add to them. I'm not completely sure how to do this, but I will try to make the research.

 

Johnny

val bon <[EMAIL PROTECTED]> escribi�:

hi all,

 

I want to add the "Title" item (T=) in the subject of a certificate (to have for example : T=Director, CN=Test, OU=Development, O=OpenCa......).

 

In RA, I succeeded to add this item in CSR. In Ra.conf, I add "T" in CSR_SUPPORTED_ATTRIBUTES and I modify the "CSR_DEFAULT_ATTRIBUTE_FIELDS" value to 8. In CA, I just modified the same things (in CA.conf).

 

When I look, in CA (Active CSR \ Approved), my new approved request, I see the Title item in subject. But, after issuing certificate, this item disappeared !!!!!!

 

Why ???? Anybody can explain me how to add some item in subject please ?

 

Thanks,

 

Val

---

D�couvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Cr�ez votre Yahoo! Mail

---

---

D�couvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Cr�ez votre Yahoo! Mail

---

D�couvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Cr�ez votre Yahoo! Mail