Re: [OpenXPKI-users] How to add otherName to SAN during enrollment workflow

Wed, 21 Apr 2021 00:53:16 -0700 

Hello again,

Solved it with a workaround.
I replaced the otherName in the CSR for SAN DNS.

In OpenXPKI configuration I can access it like this:

enroll:
    subject:
        san:
            otherName: "1.2.3.4;UTF8:[% SAN_DNS.0 %]"

I am misusing the SAN DNS in the CSR but for my use case I can live with it :-)

MM

On 29. 3. 2021, at 12:38, Michal Moravec 
<michal.mora...@logicworks.cz<mailto:michal.mora...@logicworks.cz>> wrote:

Hello,

Is it possible to add otherName to SAN during the enrollment workflow?

Suppose you create CSR with OpenSSL. You define subjectAltName like this:

[reqsan]
subjectAltName = 
email:mailaddr...@company.tld<mailto:mailaddr...@company.tld>,otherName:1.2.3.4;UTF8:somevalue.

Now you would like to create a client certificate with OpenXPKI. There is no 
obvious way to add the otherName. I started with this:

  enroll:
      subject:
        dn: SOMEDN
        san:
          email: "[% FOREACH entry = SAN_EMAIL %][% entry.lower %] | [% END %]"
          otherName: ???

I am trying to use SAN_OTHERNAME variable but the first item of the array is 
actually hash. I guess it has something do the with fact here are two values 
here. The OID and the actual value.

1. I don't know how to get/dispay the content of the hash.
2. Is it even possible to definer SAN with custom OID here? If yes how can it 
be done?

Best regards,

[Logicworks]<https://logicworks.cz/>
Michal Moravec  Apple system administrator
Logicworks, s.r.o.<https://logicworks.cz/>
Argentinská 1621/36, Praha 
7<https://www.google.cz/maps/place/Etnetera+Logicworks,+s.r.o./@50.1078991,14.4517256,17z/data=!3m1!4b1!4m5!3m4!1s0x470b94b2b61cb52d:0x6c88178df7f3ff49!8m2!3d50.1078957!4d14.4539143>
www.logicworks.cz<https://logicworks.cz/> | 778745013<tel:778745013>

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net<mailto:OpenXPKI-users@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/openxpki-users


_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to