I forgot to include in the message the way I'm adding
the OIDs in the openssl configuration files. Here you
can see how I did it:

[ new_oids ]

# testoid1=1.2.3.4
# testoid2=${testoid1}.5.6
# pseudonym=2.5.4.65

# --------Certicamara policies-------------**
direccion = 2.5.4.9
nit = 1.3.6.1.4.1.4710.1.3.2
cedula = 1.3.6.1.4.1.4710.1.3.1
# --------Certicamara policies-------------**


# For the CA policy
[ policy_match ]
countryName             = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = optional
emailAddress            = optional

# --------Certicamara policies-------------**
direccion               = optional
cedula                  = optional
nit                     = optional
# --------Certicamara policies-------------**




# --------Certicamara policies-------------**
direccion                       = UTF8:Direccion
cedula                          = UTF8:Cedula
nit                             = UTF8:Nit
# --------Certicamara policies-------------**

SET-ex3                         = SET extension number 3


In this last part you can see:
direccion                       = UTF8:Direccion

I tried first without the UTF8:, like this:

direccion                       = Direccion


Is this ok?

Thanks a lot,
Johnny
--- Johnny Gonzalez <[EMAIL PROTECTED]> wrote:

> Hello everybody,
> 
> Has someone here worked before with special OIDs in
> the Certificates?
> 
> I have done some changes in OpenCA to include the
> special OIDs we have to include in our generated
> certificates, but after the issuance of the
> certificates, the information in the OIDs appears with
> some strange characters (when seen from Windows, the
> OS our customers have), like those shown in these
> images (the images are in another web page to avoid a
> saturation of the list with unnecessary files ;-):
> 
> http://www.geocities.com/johnnygonzalezl/images/CertTest8b.PNG
> 
> http://www.geocities.com/johnnygonzalezl/images/CertTest7b.PNG
> 
> As you can see in the images, in our special OIDs
> appear squares that do not form part of the
> information in the OID.
> 
> Example in text:
> 1.3.6.1.4.1.4710.1.3.2 =  800123987
> 
> 
> I guess this behaviour isn't normal.
> 
> The changes I made in my configuration files:
> 
> 1. copy extension files to:
> /usr/local/OpenCA/etc/openssl/extfiles
>  an ls to that directory brings this:
> 
> CA_Operator.ext                  Natural.ext.template               VPN_ServerAuto.ext
> CA_Operator.ext.template         Pertenencia.ext                    VPN_ServerAuto.ext.template
> Firma_Automatizada.ext           Pertenencia.ext.template           VPN_Server.ext
> Firma_Automatizada.ext.template  Profesional_Titulado.ext           VPN_Server.ext.template
> Firma_Codigo.ext                 Profesional_Titulado.ext.template  Web_Server.ext
> Firma_Codigo.ext.template        RA_Operator.ext                    Web_Server.ext.template
> Funcion_Publica.ext              RA_Operator.ext.template           Web_ServerPlus.ext
> Funcion_Publica.ext.template     Representacion.ext                 Web_ServerPlus.ext.template
> Natural.ext                      Representacion.ext.template
> 
> Those are our extension files that cover our
> politics.
> 
> 2. change the file loa.xml
> it becomes like this:
> 
> <openca>
>     <loa>
>         <level>40</level>
>         <name>Medium</name>
>         <cert>
>             <ext>
>                 <name>certificatePolicies</name>
>                 <CP>
>                     <value>1.3.6.1.4.4308.10.50</value>
>                 </CP>
>                 <section>
>                     <name>psec</name>
>                     <policy_ID_tag> policyIdentifier</policy_ID_tag>
>                     <CPS>
>                         <URI>CPS.1 ="http://www.certicamara.com/dpc";</URI>
>                     </CPS>
>                 </section>
>             </ext>
>         </cert>
>     </loa>
> 
>     <loa>
>         <level>50</level>
>         <name>High</name>
>         <cert>
>             <ext>
>                 <name>certificatePolicies</name>
>                 <CP>
>                     <value>1.3.6.1.4.4308.10.50</value>
>                 </CP>
>                 <section>
>                     <name>psec</name>
>                     <policy_ID_tag> policyIdentifier</policy_ID_tag>
>                     <CPS>
>                         <URI>CPS.1 ="http://www.certicamara.com/dpc";</URI>
>                     </CPS>
>                 </section>
>             </ext>
>         </cert>
>     </loa>
> </openca>
> 
> Sorry for the indentation.
> 
> 3. Change the file roles.xml in rbac directory:
> <openca>
>     <access_control>
>        <roles>
>             <role>RA Operator</role>
>             <role>Representacion</role>
>             <role>Pertenencia</role>
>             <role>Natural</role>
>             <role>Profesional Titulado</role>
>             <role>Funcion Publica</role>
>             <role>Firma Codigo</role>
>             <role>Firma Automatizada</role>
>             <role>VPN Server</role>
>             <role>VPN ServerAuto</role>
>             <role>Web Server</role>
>             <role>Web ServerPlus</role>
>             <role>Domain Controller</role>
>        </roles>
>     </access_control>
> </openca>
> 
> 
> 4. files in /usr/local/OpenCA/etc/openssl/openssl:
> 
> 
> CA_Operator.conf                  Natural.conf.template               VPN_ServerAuto.conf
> CA_Operator.conf.template         Pertenencia.conf                    VPN_ServerAuto.conf.template
> Firma_Automatizada.conf           Pertenencia.conf.template           VPN_Server.conf
> Firma_Automatizada.conf.template  Profesional_Titulado.conf           VPN_Server.conf.template
> Firma_Codigo.conf                 Profesional_Titulado.conf.template  Web_Server.conf
> Firma_Codigo.conf.template        RA_Operator.conf                    Web_Server.conf.template
> Funcion_Publica.conf              RA_Operator.conf.template           Web_ServerPlus.conf
> Funcion_Publica.conf.template     Representacion.conf                 Web_ServerPlus.conf.template
> Natural.conf                      Representacion.conf.template
> 
> If I perform a: 
> openssl asn1parse -inform PEM -in certTest10.crt
> from a linux console I get this output in the OIDs
> section:
> 
> 
>   252:d=5  hl=2 l=   3 prim: OBJECT            :countryName
>   257:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :CO
>   261:d=3  hl=2 l=  34 cons: SET
>   263:d=4  hl=2 l=  32 cons: SEQUENCE
>   265:d=5  hl=2 l=   3 prim: OBJECT            :2.5.4.9
>   270:d=5  hl=2 l=  25 prim: T61STRING         :Av el dorado # 69D - 35
>   297:d=3  hl=2 l=  26 cons: SET
>   299:d=4  hl=2 l=  24 cons: SEQUENCE
>   301:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.4710.1.3.1
>   313:d=5  hl=2 l=  10 prim: T61STRING         79987987
>   325:d=3  hl=2 l=  27 cons: SET
>   327:d=4  hl=2 l=  25 cons: SEQUENCE
>   329:d=5  hl=2 l=  10 prim: OBJECT            :1.3.6.1.4.1.4710.1.3.2
>   341:d=5  hl=2 l=  11 prim: T61STRING         :      800987654
>   354:d=3  hl=2 l=  11 cons: SET
>   356:d=4  hl=2 l=   9 cons: SEQUENCE
>   358:d=5  hl=2 l=   3 prim: OBJECT            :serialNumber
>   363:d=5  hl=2 l=   2 prim: PRINTABLESTRING   :21
> 
> 
=== message truncated ===
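
Added example, not part of the original post or of OpenCA: in the asn1parse output above the custom attributes are T61STRING and their lengths are two bytes longer than the digits shown (l=10 for an 8-digit value). This Python sketch walks one DER-encoded RDN, reports the string type, and flags control bytes or a value that looks like a second string header; the sample bytes are constructed, and the leading 0x0c 0x08 pair is an assumption, since the post does not show which bytes are stray.

```python
STRING_TAGS = {0x0C: "UTF8STRING", 0x13: "PRINTABLESTRING",
               0x14: "T61STRING", 0x16: "IA5STRING", 0x1E: "BMPSTRING"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends a base-128 arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def inspect_rdn(der):
    """Describe the value inside SET { SEQUENCE { OID, string } }."""
    _, set_body, _ = read_tlv(der, 0)
    _, seq_body, _ = read_tlv(set_body, 0)
    _, oid_body, pos = read_tlv(seq_body, 0)
    vtag, value, _ = read_tlv(seq_body, pos)
    # A string tag followed by a matching length byte looks like a second header.
    nested = (len(value) >= 2 and value[0] in STRING_TAGS
              and value[1] == len(value) - 2)
    return {"oid": decode_oid(oid_body),
            "type": STRING_TAGS.get(vtag, hex(vtag)),
            "length": len(value),
            "stray": [b for b in value if b < 0x20 or b == 0x7F],
            "nested": STRING_TAGS[value[0]] if nested else None}

# Constructed sample: OID 1.3.6.1.4.1.4710.1.3.1 with an 8-digit value.
OID_CEDULA = bytes.fromhex("2b06010401a466010301")
def rdn(string_tag, value):
    # Hypothetical helper: build SET { SEQUENCE { OID, string } } (short lengths only).
    seq = b"\x06\x0a" + OID_CEDULA + bytes([string_tag, len(value)]) + value
    return b"\x31" + bytes([len(seq) + 2]) + b"\x30" + bytes([len(seq)]) + seq

SUSPECT = rdn(0x14, b"\x0c\x08" + b"79987987")  # assumed stray bytes, T61STRING
CLEAN = rdn(0x0C, b"79987987")                  # same digits as a plain UTF8STRING
if __name__ == "__main__":
    print(inspect_rdn(SUSPECT), inspect_rdn(CLEAN), sep="\n")
```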



                
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
