There is a utility called "certpatch" developed by OpenBSD folks for including the SubjAltName extension. I have modified it a little bit to suit my need.
This utility modifies the certificate in place and regenerates the hash. Perhaps you can modify it a little to suit your need. If all you need it add an IP address, e-mail or FQDN SubjAltName extension then this utility may help. Do let me know if this is what you need and then I can mail the program that I have. HTH. regards, Girish --- Kyle Hamilton <[EMAIL PROTECTED]> wrote: > ...you can't, without re-signing the certificate. > (changing the > certificate data invalidates the signed hash.) > > However, if you want to, you can use openssl x509 > -x509toreq -in > currentcert.pem -out currentcert.req . > > Then, create a new configuration template file with > the information > you want to rewrite, and then run it through x509 > req -in > currentcert.req -out newcert.req. Send newcert.req > to your certifying > authority for signing. > > -Kyle H > > On 2/8/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > How can I rewrite some field in X509 extension and > than > > save whole certificate with this change to file? > > > ______________________________________________________________________ > > OpenSSL Project > http://www.openssl.org > > User Support Mailing List > openssl-users@openssl.org > > Automated List Manager > [EMAIL PROTECTED] > > > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > openssl-users@openssl.org > Automated List Manager > [EMAIL PROTECTED] > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
