Dear Dr Stephen N. Henson and Martin! Thank you for the fast and informative help! With your help I was able to create certificate with a complex Subject Alternative Name. The otherName Alternative identifier contains Microsoft Principal Name OID. I have used the following configuration (may be it is useful to add it to the OpenSSL documentation):
subjectaltna...@alt_section [alt_section] otherName=1.3.6.1.4.1.311.20.2.3;UTF8:bobotheraltn...@example.com email=bobrfc822altn...@example.com DNS.1=example1.com DNS.2=example2.com URI=http://example.com/ IP.1=13::17 IP.2=192.168.7.1 dirName=dir_sect [dir_sect] C=US O=Gold Music OU=Gold Ballads CN=bob emailaddress=bobdiraltn...@example.com After the import the certificate to IE it displays the following Subject Alternative Name: Other Name: Principal name=bobotheraltn...@example.com RFC822 name=bobrfc822altn...@example.com DNS Name=example1.com DNS Name=example2.com URL=http://example.com/ IP Address=0013:0000:0000:0000:0000:0000:0000:0017 IP Address=192.168.7.1 Directory Address: e=bobdiraltn...@example.com CN=bob OU=Gold Ballads O=Gold Music C=US Thanks for your help! Best regards, Michael -- View this message in context: http://old.nabble.com/SubjectAlternativeName-support-%280_9_8l-version%29-tp26957833p27001381.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
