[Openca-Users] request for enhancement in openca PKI 1.0.2

Sun, 26 Jul 2009 06:24:43 -0700 

Hi!

i'm trying to handle a speciality in a CSR generated by openSSL, which  
sets a special X.509v3 subject alternative name, set with  
"URI:<sometext>". A generated CSR looks like this:

-----BEGIN CERTIFICATE REQUEST-----
MIICPzCCAagCAQAwgZkxCzAJBgNVBAYTAkRFMRUwEwYDVQQIEwx0ZXN0cHJvdmlu
Y2UxETAPBgNVBAcTCHRlc3RjaXR5MRQwEgYDVQQKEwt0ZXN0Y29tcGFueTERMA8G
A1UECxMIdGVzdG9yZ2ExGTAXBgNVBAMTEHRlc3QgY29tbW9uIG5hbWUxHDAaBgkq
hkiG9w0BCQEWDXRoaXNAaGVyZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAMSCT3trZxQCrZv67WoEYl0huPiY1zrE+Tm0nG75q7t+531U0gG0HDexVwzG
ZWW4i901R2XEaGvKb+WIeTn9qT7MUgMKC6suxWl4CHKUYNBPOyxXFSBWqkTWgRIe
nZwTOT5nxdyW/4a5r8X83+cBLdqHLyLv13MJWpbJMBw2bPnXAgMBAAGgZTBjBgkq
hkiG9w0BCQ4xVjBUMBMGA1UdEQQMMAqGCGZyZWV0ZXh0MAsGA1UdDwQEAwIE8DAR
BglghkgBhvhCAQEEBAMCBsAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MA0GCSqGSIb3DQEBBQUAA4GBAFe7FGAEpvghL/zu3Z25vnpYY4dDPUP2Zr6zF90F
Cx+UunDX7GDoIyz6oiFl33e7p7g7SsGuI9Ym15ei2I+ShNN0SQDmZbtUWDFSXaQj
BOChFsxQvfzyRlykbcr3lRui1nj4H7/otulRlHDvaOQBvevTm1pxaU5NQzFejzZ8
PDKo
-----END CERTIFICATE REQUEST-----

Human readable it looks like this (where the X509v3subject alt.name is  
set with this "URI:freetext" message):
  ..... <snip>....
         Attributes:
         Requested Extensions:
             X509v3 Subject Alternative Name:
                 URI:freetext
             X509v3 Key Usage:
                 Digital Signature, Non Repudiation, Key Encipherment,  
Data Encipherment
             Netscape Cert Type:
                 SSL Client, SSL Server
             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client  
Authentication
  ..... <snip>....

After some days spending around with configuration files of openca and  
openssl, I've found in the documentation that there is only support  
for eMail addresses in this field. Refering to chapter "6. Subject  
Alternative Name" in the configuration documentation chapter 4, (see 
http://www.openca.org/~madwolf/ch04s06.html) 
, I would like to request that I'm needing this special URI field with  
free text. Is it possible to implement this? Or even configure this  
without code change?

I'd be very happy to hear from you.

Regards,
Harald Latzko

------------------------------------------------------------------------------
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to