Re: How put issuerUniqueID into certificate?
Kyle Hamilton wrote: The ITU X.509v1? The X.509v3? The Internet Public Key Infrastructure Certificate Profile? Perhaps the Attribute Certificate profile? Or the Proxy Certificate profile? Or some other profile? excerpt from the 2000 version. Since this is the one that I have online. issuerUniqueIdentifier is used to uniquely identify an issuer in case of name re-use. subjectUniqueIdentifier is used to uniquely identify a subject in case of name re-use. NOTE 3 – In situations where a distinguished name might be reassigned to a different user by the Naming Authority, CAs can use the unique identifier to distinguish between reused instances. However, if the same user is provided certificates by multiple CAs, it is recommended that the CAs coordinate on the assignment of unique identifiers as part of their user registration procedures. smime.p7s Description: S/MIME Cryptographic Signature
Re: How put issuerUniqueID into certificate?
The ITU X.509v1? The X.509v3? The Internet Public Key Infrastructure Certificate Profile? Perhaps the Attribute Certificate profile? Or the Proxy Certificate profile? Or some other profile? Dr. Henson mentioned that it is deprecated, which means that it's likely in one of the older standards that I don't have direct access to at the moment. -Kyle H On May 7, 2007, at 1:45 AM, Peter Sylvester wrote: Kyle Hamilton wrote: I have never heard of issuerUniqueID and subjectUniqueID. If you can point to where you're learning about it, it would be possible for me to figure it out. X.509, where else? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How put issuerUniqueID into certificate?
On Mon, May 07, 2007, Metalpalo wrote: > > Hello > > I don't know but in the certificate structure I see this: > issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, > -- If present, version MUST be v2 or v3 > subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, > -- If present, version MUST be v2 or v3 > > but when i'm looking at my generated certificate i don't see any optional > attributes of type :BIT STRING > Well since OPTIONAL components when omitted are absent you wont "see" them. Those fields are deprecated and although they are present in the X509 structure and should be parsed OK nothing in OpenSSL uses them. You'd have to manually set the fields in a custom program. The subject key identifier and authority key identifier extensions serve a similar purpose now. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How put issuerUniqueID into certificate?
Kyle Hamilton wrote: I have never heard of issuerUniqueID and subjectUniqueID. If you can point to where you're learning about it, it would be possible for me to figure it out. X.509, where else? smime.p7s Description: S/MIME Cryptographic Signature
Re: How put issuerUniqueID into certificate?
Hello I don't know but in the certificate structure I see this: issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3 but when i'm looking at my generated certificate i don't see any optional attributes of type :BIT STRING Regards Metalpalo -- View this message in context: http://www.nabble.com/How-put-issuerUniqueID-into-certificate--tf3702370.html#a10353651 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How put issuerUniqueID into certificate?
I have never heard of issuerUniqueID and subjectUniqueID. If you can point to where you're learning about it, it would be possible for me to figure it out. -Kyle H On 5/7/07, Metalpalo <[EMAIL PROTECTED]> wrote: Hello My question is: How can I put issuerUniqueId and subjectUniqueID into the certificate? It is extension or not ? Thanks -- View this message in context: http://www.nabble.com/How-put-issuerUniqueID-into-certificate--tf3702370.html#a10353456 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- -Kyle H __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How put issuerUniqueID into certificate?
Hello My question is: How can I put issuerUniqueId and subjectUniqueID into the certificate? It is extension or not ? Thanks -- View this message in context: http://www.nabble.com/How-put-issuerUniqueID-into-certificate--tf3702370.html#a10353456 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
