On Mon, Oct 06, 2003, Martin Plenk wrote: > Hello, > > a Newbie Question: > I want to generate Certificates for use with > Smartcards for Microsoft Smartcard Login. > For testing I setup a Microsoft Windows 2000 CA and > generated a Certificate. I stored the certificate on a > smartcard and it worked. > The certificates I generate with openssl do not work. > When i look on the Windows 2000 genertated certificate > I see, that the Windows 2000 CA stores the Microsoft > Universal Principal Name as an other Name in the > subjectAltName extension. > How do i get this other Name in subjectAltName or is > ther e another trick to get openssl generated > certificate working with Microsoft Windows smartcard > login. >
As I mentioned you need 0.9.8-dev from MS KB 281245 you need a UTF8String and the OID 1.3.6.1.4.1.311.20.2.3. The syntax is therefore: subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:whatever Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
