On 08/11/2017 02:39 PM, Dr. Stephen Henson wrote:
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
My challenge comes to subjectAltName and its subfield
per RFC 4108. I guess I am not 'getting' the subjectAltName section of
Not all forms of SAN names are supported. If you look in
include/openssl/x509v3.h you see the following:
# define GEN_OTHERNAME 0
# define GEN_EMAIL 1
# define GEN_DNS 2
# define GEN_X400 3
# define GEN_DIRNAME 4
# define GEN_EDIPARTY 5
# define GEN_URI 6
# define GEN_IPADD 7
# define GEN_RID 8
I just spent over an hour googling around as well as reading openssl
docs to get a list of distinguished_name fields. Both in their full
form and abbreviated form. All I fined are the common ones in
And for the list above for SAN, how are they presented in the
openssl cli/config. Again, just not finding it.
My search foo is weak.
pointers greatly appreciated.
You can use the mini-ASN.1 compiler with the otherName syntax. This will
create the extension in the appropriate form but you wont get it displayed.
In outline it's like this:
# Use id-on-hardwareModuleName OID with otherName
subjectAltName = otherName:126.96.36.199.188.8.131.52.4;SEQ:hmodname
Is that suppose to be a semi-colon before SEQ? Or a typo?
hwType = OID:184.108.40.206 # Whatever OID you want.
hwSerialNum = FORMAT:HEX,OCT:01020304 # Some hex
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users