Hi Alexander, > Are there any options to add some info to the certificate? > What i need - I need to download certificates with options at the top for > example with openvpn options. > And where is the download configurations for certificates located? Maybe I am > able to set my options there?
The certificate TBS content is defined by RFC5280. What's in the standard can go into the certificate, and OpenXPKI supports most of it. If you like you can invent your own X.509v3 extensions (that's what IANA Private Enterprise OIDs are for), but this is typically not very useful as the extension would have to be processed by the end entities or the relying parties. There is no existing extension I know of which is specific (or required) for OpenVPN, and regular TLS certificates will work just fine with OpenVPN. OpenXPKI also supports certificate metadata which can be collected during the enrollment/request process and persisted along with the certificate, allowing for additional business logic to support the Certificate Lifecycle. All metadata is OpenXPKI specific and is typically not persisted into the certificate v1 or v3 data (although the profile definition does allow to do so). This is probably not what you are asking, though. The remainder of your question is likely related to your previous question regarding automatically generating OpenVPN configurations for the end entity in order to provide a "one stop" download for the OpenVPN user. We provided some pointers how to implement this requirement in this thread: https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/CAKUXJ7Z%3D%3DyOvDHaUa71ft7%2Bus%2B-OcF7eRSyUB-dO3fyY1ybVrQ%40mail.gmail.com/#msg37154847 Cheers Martin _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
