Hi all,
I read the section in the "documentation" about adding attributes to the
certificate and I am still a little unclear. So I am hoping for a sanity
check. I have 3 attributes I am adding but I'll just provide an example of
one to give you an idea. I have added them to the browser_req.xml.template
like so:
Under User Data Section....
<input>
<name>ADDITIONAL_ATTRIBUTE_EIN</name>
<label>Employee Number</label>
<type>textfield</type>
<charset>NUMERIC</charset>
<value></value>
<minlen>6</minlen>
<required>YES</required>
</input>
I'm not sure if it should be added to the DN or the SUBJALT section
farther down in the template (or both)????????
I then modified the server_req.xml.template (since we usually do
server-side generation)
<input>
<name>ADDITIONAL_ATTRIBUTE_EIN</name>
<label>employeeID</label>
<type>textfield</type>
<charset>NUMERIC</charset>
<value></value>
<minlen>6</minlen>
<required>YES</required>
</input>
ADDITIONAL_REQUEST_ATTRIBUTES "requestercn" "email" "employeeID"
"company" "department" "telephone" "citizenship"
ADDITIONAL_ATTRIBUTES_DISPLAY_VALUE "Name (first and Last name)"
"Email" "Employee Number" "Company" "Department" "Telephone"
"Citizenship"
ADDITIONAL_REQUEST_ATTRIBUTES_STRING_TYPE "LATIN1_LETTERS" "EMAIL"
"NUMERIC" "LATIN1_LETTERS" "LATIN1_LETTERS" "LATIN1_LETTERS"
"LATIN1_LETTERS"
Similar changes were made to servers/pub.conf.template
I made the following to servers/ra.conf.template
DN_TYPE_SPKAC_ELEMENTS "emailAddress" "CN" "OU" "DC" "DC" "DC"
"employeeID" "company" "citizenship"
DN_TYPE_SPKAC_ELEMENT_4 "Employee Number"
DN_TYPE_SPKAC_ELEMENT_4_MINIMUM_LENGTH 6
DN_TYPE_SPKAC_ELEMENT_4_REQUIRED "YES"
DN_TYPE_SPKAC_ELEMENT_4_CHARACTERSET "NUMERIC"
DN_TYPE_IE_ELEMENTS "emailAddress" "CN" "OU" "DC" "DC" "DC" "employeeID"
"company" "citizenship"
DN_TYPE_IE_ELEMENT_4 "Employee Number"
DN_TYPE_IE_ELEMENT_4_MINIMUM_LENGTH 6
DN_TYPE_IE_ELEMENT_4_REQUIRED "YES"
DN_TYPE_IE_ELEMENT_4_CHARACTERSET "NUMERIC"
Similar changes were made to servers/ca.conf.template
Then I went into the openssl.cnf stuff modifying the specific profile as
(in this case VPN_User.conf.template):
[ new_oids ]
pseudonym=2.5.4.65
domainComponent=0.9.2342.19200300.100.1.25
employeeID=1.3.6.1.4.1.5643.2.0.4
citizenship=1.3.6.1.5.5.7.9.4
company=1.2.840.113549.1.9.2
[ req_attributes ]
employeeID = Employee Number (eg, EIN)
employeeID_max = 6
citizenship = country of Citizenship
ctizenship_max = 2
company
Does that look like I'm on the right path???? Am I missing something or
doing anything wrong?
This is an e-mail from General Dynamics Land Systems. It is for the intended
recipient only and may contain confidential and privileged information. No one
else may read, print, store, copy, forward or act in reliance on it or its
attachments. If you are not the intended recipient, please return this message
to the sender and delete the message and any attachments from your computer.
Your cooperation is appreciated.
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
