A possible solution might be to get a private enterprise number from the <http://www.iana.org/assignments/enterprise-numbers> IANA [http://www.iana.org/assignments/enterprise-numbers]. With this you can build up your own object identifier definitions (starting with 1.3.6.1.4.1.xxxx.) and build up a group of certificate extensions. The general disadvantage of such a solution is, that these extensions need to be signed by the CA. So, the CA is responsible for the validity of your extension's content during the validity of the certificate. Remember that no other application will use the certificate unless you mark your extension as non critical.
_____ From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Akos Vandra Sent: Friday, July 10, 2009 10:05 PM To: openssl-users@openssl.org Subject: Certificate with custom fields Hello! I need to issue a few certificates with custom fields, with the customers more thoroughly identified, including Full name, Address, Telephone number, blablabla, and even a picture of the poor guy. Can this be done with one of the standards which uses openssl, or would I have to make one of my own? For example, why don't any XML.-like certificates exist? Regards, Vandra Ákos
