Hi all,

Well, I added the following to the new_oids section:

msCAVersion=1.3.6.1.4.1.311.21.1
msCRLNextPublish=1.3.6.1.4.1.311.21.4

I also added the following to the crl_ext section:

authorityKeyIdentifier=keyid:always,issuer:always
msCAVersion=DER:02:01:00

Unfortunately, I do not know how to specify a value for the CRL Next 
Publish OID. So I pressed on and generated a CRL with the parameters I 
knew how to define. Viewing the CRL shows these items in it. But the CRL 
still fails to import into Windows 2003 with the same error as before.

Can anyone give me any insight into the CRL Next Publish OID?
 
-----------------------------------------------------------------
DAVID BLAINE, GCIA , CISSP
GDLS-C Lead Information Risk Manager (LIRM)
CSC

6000 E. 17 Mile Rd. Sterling Heights MI 48313
GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 | 
dblai...@csc.com | www.csc.com

This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. 
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to 
any order or other contract unless pursuant to explicit written agreement 
or government initiative expressly permitting the use of e-mail for such 
purpose.



David W Blaine/GIS/c...@csc 
01/15/2009 03:03 PM

Please respond to: "Users' Help and Suggestions" <openca-users@lists.sourceforge.net>
To: "Users' Help and Suggestions" <openca-users@lists.sourceforge.net>
cc:
Subject: Re: [Openca-Users] CRL import into Windows error

Hi John, 

Well, I took your suggestion and googled... I think I found it but want to 
see what the group says: 

A native Windows cert includes the following additional extensions 

Authority Key Identifier 
CA Version 
Next CRL Publish 

I was able to see in the openssl.cnf.template that AuthorityKeyIdentifier 
existed in the crl_ext section but I'm unsure of the other 2. How to 
implement? 

It seems that "CA Version" is the most important as Windows uses that to 
somehow identify the object within AD.

According to this article, this shows adding the OIDs that I believe I 
need: 

http://archives.neohapsis.com/archives/openbsd/2001-08/2358.html 

Has anyone else run into this? 

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
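
The extension values discussed in this thread, as an added example that is not part of the original e-mails or of OpenCA: a Python helper that DER-encodes them and formats them in the DER: form used in the crl_ext lines above. It assumes Microsoft's definitions, under which CA Version is an INTEGER (key index in the high 16 bits, certificate index in the low 16) and Next CRL Publish is an ASN.1 time value; the function names and the sample date are constructed for illustration.

```python
from datetime import datetime, timezone

def der_length(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_integer(value: int) -> bytes:
    """Minimal DER INTEGER for a non-negative value (leading 00 keeps it positive)."""
    if value < 0:
        raise ValueError("only non-negative values are handled here")
    body = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + der_length(len(body)) + body

def der_time(when: datetime) -> bytes:
    """UTCTime for 1950-2049, GeneralizedTime outside that range (RFC 5280 rule)."""
    if when.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime")
    when = when.astimezone(timezone.utc)
    if 1950 <= when.year <= 2049:
        tag, text = 0x17, when.strftime("%y%m%d%H%M%SZ")
    else:
        tag, text = 0x18, when.strftime("%Y%m%d%H%M%SZ")
    return bytes([tag]) + der_length(len(text)) + text.encode("ascii")

def cnf_value(der: bytes) -> str:
    """Format raw DER the way openssl.cnf expects: DER:xx:xx:..."""
    return "DER:" + ":".join(f"{b:02X}" for b in der)

def crl_ext_lines(next_publish, cert_index=0, key_index=0):
    # Assumption: CA Version packs key index (high 16 bits) and cert index (low 16).
    ca_version = (key_index << 16) | cert_index
    return [
        "msCAVersion=" + cnf_value(der_integer(ca_version)),
        "msCRLNextPublish=" + cnf_value(der_time(next_publish)),
    ]

if __name__ == "__main__":
    # Constructed sample date, not a value from the thread.
    sample = datetime(2009, 1, 22, 15, 3, 0, tzinfo=timezone.utc)
    print("\n".join(crl_ext_lines(sample)))
```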
