Hi Michael, all,

Thus wrote michaelfmichaelf (michael_fur...@hotmail.com):

> 2) Where can I find the example for otherName in ASN1 format?
> Unfortunately, the example shown in the link above does not contain the ASN1
> format:

> subjectAltName=otherName:1.2.3.4;UTF8:some other identifier

I've never actually used this so I can just make some guesses. According
to RFC3280, the ASN.1 definition of otherName is

   OtherName ::= SEQUENCE {
        type-id    OBJECT IDENTIFIER,
        value      [0] EXPLICIT ANY DEFINED BY type-id }

So the example above seems to point in the right direction. I've just
done a test with

mar...@askja:~/tmp$ cat alt.ext 
subjectAltName=otherName:1.3.6.1.5.5.7.1.99;BITSTRING:deadbeef

mar...@askja:~/tmp$ openssl x509 -req -in testReq.pem -out testCert.pem \
                    -signkey testKey.pem -extfile alt.ext
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
Getting Private key

This seemed to work. The ASN.1 part of the certificate is as follows:

 513    3:           OBJECT IDENTIFIER subjectAltName (2 5 29 17)
    <04 1B>
 518   27:           OCTET STRING, encapsulates {
    <30 19>
 520   25:             SEQUENCE {
    <A0 17>
 522   23:               [0] {
    <06 08>
 524    8:                 OBJECT IDENTIFIER '1 3 6 1 5 5 7 1 26'
    <A0 0B>
 534   11:                 [0] {
    <03 09>
 536    9:                   BIT STRING 'deadbeef'
         :                   }
         :                 }
         :               }
         :             }

Unfortunately, 

mar...@askja:~/tmp$ openssl x509 -in testCert.pem -noout -text

just displays

        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                othername:<unsupported>


Which information do you want to encode in otherName?

HTH,

   Martin
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
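
Since `openssl x509 -text` prints only `othername:<unsupported>`, the otherName has to be read from the DER itself. The following Python sketch is an added example, not part of the original post: it walks a subjectAltName extension value and returns the type-id and the value inside the [0] EXPLICIT wrapper. The function names are hypothetical, and the sample bytes are constructed from the alt.ext line above (OID 1.3.6.1.5.5.7.1.99, BIT STRING holding the ASCII text deadbeef), matching the lengths shown in the dump.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content bytes to dotted notation."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_othernames(san_der):
    """Return [(type_id, value_tag, value_bytes)] for each otherName entry."""
    tag, names, end = read_tlv(san_der, 0)
    if tag != 0x30 or end != len(san_der):
        raise ValueError("not a GeneralNames SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, body, pos = read_tlv(names, pos)
        if tag != 0xA0:  # only [0] otherName; skip dNSName, rfc822Name, ...
            continue
        t1, oid, nxt = read_tlv(body, 0)
        t2, wrapped, nxt = read_tlv(body, nxt)
        if t1 != 0x06 or t2 != 0xA0 or nxt != len(body):
            raise ValueError("malformed OtherName")
        vtag, value, vend = read_tlv(wrapped, 0)  # inside the [0] EXPLICIT wrapper
        if vend != len(wrapped):
            raise ValueError("trailing bytes in otherName value")
        found.append((decode_oid(oid), vtag, value))
    return found

# Constructed sample (not captured from a real certificate): the 27 bytes
# inside the extension's OCTET STRING for otherName:1.3.6.1.5.5.7.1.99;BITSTRING:deadbeef
SAMPLE = bytes.fromhex("3019a01706082b06010505070163a00b0309006465616462656566")
```

For the sample, the returned value tag is 0x03 (BIT STRING) and the value bytes start with the unused-bits octet 0x00 followed by the ASCII text.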