I want to use openssl to create a cert whose subject like : emailaddress=hunte...@foxmail.com<mailto:emailaddress=hunte...@foxmail.com>, CN=16.157.247.39, DNQ=s7028, OU=jdcc, O=tv-asahi
So I edited openssl.cnf as blew : ・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ [ new_oids ] # We can add new OIDs in here for use by 'ca' and 'req'. # Add a simple OID like this: dnq=1.2.3.4 ... # For the CA policy [ policy_match ] countryName = match ... dnq = optional # For the 'anything' policy # At this point in time, you must list all acceptable 'object' # types. [ policy_anything ] countryName = optional ... dnq = optional ... [ req_distinguished_name ] countryName = Country Name (2 letter code) ... dnq = DNQ dnq_max = 64 ・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・・ Then I use command 'openssl req -new -out c:\ca\client\client-req.csr -key c:\ca\client\client-key.pem -config C:\openssl.cnf' to create my cert. At first I thought it works, because it let me input the DNQ. After I get the client-req.csr, I use my ca_key and ca_cert to sign it. But when I get the subject from the cert ,the subject is like below: emailaddress=hunte...@foxmail.com<mailto:emailaddress=hunte...@foxmail.com>, CN=16.157.247.39, 1.2.3.4=s7028, OU=jdcc, O=tv-asahi My openssl's version is 0.9.8g. How can I add my own tag to cert? Thank you in advance.
