hi
you need to add the entry of your custom tags under crypto/objects.txt
and make update the openssl environment.
best
tanish
On 7/27/06, Paweł Tatera <[EMAIL PROTECTED]> wrote:
Hi.
Is it possible to put custom tags inside the openssl.cnf file?
I'm thinking here about generating a certificate request (*.csr) that
will store not only standard DN data like country, city, organization,
etc. but also some extra stuff.
I'm doing it like this:
.
.
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
> .
.
#and my own tags:
peselVALUE = Client pesel number # ask me with this question???
peselValue_default = 00000000000 # this is a string (not a number)
peselValue_max = 11
peselvalue_min = 11
.
.
.
The "pesel" is a value from my clients ID card.
I generate a csr like this (I already have a privkey.pem )
openssl req -new -nodes -key privkey.pem -config ./openssl.cnf \
-out client1.csr
There is only one "but" - OpenSSL generates errors each time it finds
'peselValue' tag. I was also trying to put it under [v3_req] but no effect
:(
Also have tried to use extensions but no result.
openssl x509 -in client.csr -req -extfile openssl.cnf -CA certs/issuer.crt \
-CAkey private/issuer.key -CAcreateserial
Next thing would be - how to read those values using for ex. apache
and php directives SSL_CLIENT_???
If is it possible to do what I wrote above, can someone point me the way???
With regards
Pawel Tatera
e-mails: ptatera (at) ptatera (dot) pl or madyogi (at) interia (dot) pl
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
:§I"ĎŽŢrŘmś˙Ă�
(Ľéě˛Z+K�+ŠŚí1¨Ľx�ËhĽéě˛[Źzť(Ľéě˛Z+�˘fyŇâ˛Ó�¨�ŽfŁ˘ˇh)z{,ŕ
