-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 sorry for being vauge in my first post - what i want to accomplish is to add selective purposes that are there in that are standerd .... but only some specific puposes like
a policy on the internal ca requires that for a certain class of users generate only a email signing cert and ANOTHER email encryption cert so that encryption and singing are done by differnet keys, external users must be able to do only smartcard login and so on so was looking into the X.509 Cert Purposes / OID stuff right now i am using a win2k box for all the development work so where do i find this openssl.cnf file this is what i have in my path openssl.exe ssleay32.dll libeay32.dll and am using custom batch files that i wrote that will evantually be transfreed to a FreeBSD as shell scripts box running apache to run the ca if any one has got a all those oids present please send me the relevent portion ( offlist if u wish ) because searching my hdd for openssl.cnf came up with no matches can someone please post the link to the *COMPELTE* openssl docs which have the oid_section the ones that i found from the google dont have any oid_section thanks in advance for answering the newbie question - once i get my hands on docs maybe all these question will dissapper so any hep will be appereceated - - aditya - ----- Original Message ----- From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 03, 2002 7:00 PM Subject: Re: Cert Purposes / OIDs Needed - aditya > On Tue, Sep 03, 2002, Aditya wrote: > > > hi list, > > > > this is my first post so please bear with me > > > > > > a little background info first > > we are working on a internal CA project and we are facing some > > problem ( any help would be highly appreceated ) > > we are using this > > $openssl version > > OpenSSL 0.9.6c 21 dec 2001 > > > > we need to add the following purpose in the cert that will > > generated for some users - admins how do i add them > > the present line is already as below in openssl.cnf for this > > policy > > > > did a google search and came up with these keywords / oids please > > correct me if i am wrong > > > > and please can some one fill in the missing one to complete the > > list --- we can put this up on some website for newbies like me > > > > extendedKeyUsage = msSGC, nsSGC, ClientAuth > > > > > > > > 1.3.6.1.5.5.7.3.2 ClientAuth > > - Proves your identity to a remote computer > > 1.3.6.1.4.1.311.10.3.4 encryptedFileSystemMS > > - Allows data on disk to be encrypted > > 1.3.6.1.5.5.7.3.8 TimeStamping - Allows data to be > > signed with the current time > > > > Allows secure communication on the Internet > > > > Allows strong encryption for online transactions/communications > > > > Allows you to digitally sign a certificate trust list > > > > Digital Rights > > > > Embedded Windows System Component Verification > > 1.3.6.1.5.5.7.3.3 CodeSigning - Ensures software came > > from software publisher > > 1.3.6.1.5.5.7.3.1 ServerAuth - Ensures the identity > > of a remote computer > > File > > Recovery > > Key > > Pack Licenses > > > > License Server Verification > > OEM > > Windows System Component Verification > > 1.3.6.1.5.5.7.3.4 EmailProtection - Protects e-mail > > messages > > > > Protects software from alteration after publication > > Smart > > Card Logon > > > > Windows Hardware Driver Verification > > > > Windows System Component Verification > > 1.3.6.1.5.5.7.3.5 IpsecEndSystem > > 1.3.6.1.5.5.7.3.6 IpsecTunnel > > 1.3.6.1.5.5.7.3.7 IpsecUser > > 1.3.6.1.5.5.7.3.9 OCSPSigning > > 1.3.6.1.4.1.311.10.3.3 msSGC serverGatedCryptoMS > > 2.16.840.1.113730.4.1 nsSGC serverGatedCryptoNS > > , > > > > > > > > thanks in advance and please hurry working under a deadline - > > 5/9/2002 > > > > Its not at all apparent from your message what you are trying to > do. If you want to add some purposes which aren't already in > OpenSSL then you can add the necessary OIDs to openssl.cnf, see the > oid_section docs. > > Steve. > -- > Dr. Stephen Henson [EMAIL PROTECTED] > OpenSSL Project http://www.openssl.org/~steve/ > ____________________________________________________________________ > __ OpenSSL Project > http://www.openssl.org User Support Mailing List > [EMAIL PROTECTED] Automated List Manager > [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQIVAwUBPXUjq8gYDgOYK1z+AQJSYg//VYBNHh3jQWvFA5YyuP6c3wUVih05As6q crdYu5uKJo5OQ9A0ozoY1LbmvCLh+dOu1RSHm+fI2+Ed3Y4C+DrJJbEP66Rsyyo6 3QpCvjBZgHSPWakah8l07VbFjIDcYIJuD/6XgvpyHPHTI+wT1o9FuKskr2BpoA6M feVTqEN68YpsJdSKRLiQISm9Uy+6d1YafQMoL7IQ9MXEsU3Z8ejI/ppHkwrbln01 yVVhmV3+ld3jaLNSVpIhVXgu4Fu2dWDvvisxk/hCZbcTUSxdFwqsIsTGU+MV0kBK IoI5HltyiBGlo0t4Mhyj7tY3RAiHKZO9pJMAKCpvj3604XOIyWa16NZ/Fei5EBX3 YhxBsuj9yX0vVPrv+GTBXsc3o89dektwF3Hos4IQvBrHkouEapkxpUFaZ+XNSvhh S2E67ySwu3ZhWqw4DnerdiZNi6auuvLqE5C1gAbxgh/BizpLjhqXm0KEhsHOY9bY vuyeZ14duokRaM8J/vflXCkxU9wVeMgDp9AhhJQ1URe+lRXY8XG6H5nWQh2zfE6t kjhwiPKGHV1eByx0o6FzukJ94hE/eAOlzUtwcQIcFPcimRke8EsozT+19OO+cotZ fwCzRuyC766H6IjBTZvyxuOTU6sNUUVNlGc72yJrr9WDECxTdgBh8W5WOLPkvBFy gRF08jLyh6I= =R7Mj -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
