"McAlister, Keith" wrote:
>
> I want to add an Object ID to certificates, to offer a unique user id which
> will show up in the Subject field of the Certificate.
>
> In this case I have chosen the OID from the original X500 tree
> 0.9.2342.19200300.100.1.1 as user id.
>
> Having read the documentation (but perhaps not understanding it all?) I went
> off to modify my openssl.cnf file as follows:
>
> Add the OID in the appropriate section:
>
>
> [ req_distinguished_name ]
> countryName = Country Name (2 letter code)
> countryName_default = AU
> countryName_min = 2
> countryName_max = 2
> ....... Deleted several lines here !
> commonName = Common Name (eg, YOUR name)
> commonName_max = 64
> uid = UID:[Fred]
> uid_max = 40
> emailAddress = Email Address
> emailAddress_max = 40
>
Well, if you want it to set uid to "Fred" if the user hits return, then:
uid = UID
uid_default = Fred
would be needed. If you are just using "Fred" as an example then
something like
uid = UID (e.g. Fred)
might be better, otherwise it looks like "Fred" is the default entry.
>
> But the certificate written out has no "uid:T61STRING:'test1_98765432'" or
> the numeric OID 0.9.2342.19200300.100.1.
> The Subject on the Test1 certificate only has the following:
> E = test1@test
> CN = test1
> OU = Test1
> O = Test
> L = London
> S = GLC
> C = GB
>
> I seem so close but yet so far away.
>
> Any help is welcome - what am I missing?
>
Stick 'uid' in the relevant policy section and check out how policies
work in the 'ca' docs.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
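
The policy change suggested in the reply, as an added configuration example that is not part of the original thread. The section names ([ CA_default ], [ policy_match ]) follow the stock sample openssl.cnf and are assumptions, as is the poster's 'uid' name already being defined for OID 0.9.2342.19200300.100.1.1.

```ini
# Constructed example; not taken from the poster's actual openssl.cnf.
# Assumes 'uid' is already a known field name in this configuration,
# as in the original message.

[ ca ]
default_ca = CA_default

[ CA_default ]
# Other CA settings (directories, key, certificate, ...) stay as they are.
# This line selects which policy section 'openssl ca' applies to requests.
policy = policy_match

# Before: 'uid' is not listed in the policy. 'openssl ca' silently deletes
# any subject field the policy does not mention, so the request's uid never
# reaches the issued certificate.
#
# [ policy_match ]
# countryName             = match
# stateOrProvinceName     = match
# organizationName        = match
# organizationalUnitName  = optional
# commonName              = supplied
# emailAddress            = optional

# After: 'uid' is listed, so it is copied into the Subject.
#   match    = value must equal the same field in the CA certificate
#   supplied = field must be present in the request, or signing is refused
#   optional = field is kept when present
[ policy_match ]
countryName             = match
stateOrProvinceName     = match
organizationName        = match
organizationalUnitName  = optional
commonName              = supplied
uid                     = supplied
emailAddress            = optional

# The Subject of the issued certificate follows the field order of this
# section unless 'openssl ca' is run with -preserveDN.
```

Using `supplied` makes the CA refuse requests that lack a uid, which fits a field meant to identify each user; use `optional` if some requests legitimately omit it. After signing, `openssl x509 -in cert.pem -noout -subject` (cert.pem being a placeholder for the issued certificate) shows whether the field made it into the Subject.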