request for enhancement in openca PKI 1.0.2


request for enhancement in openca PKI 1.0.2

by Harald Latzko-2

Hi!

I'm trying to handle a speciality in a CSR generated by OpenSSL, which
sets a special X.509v3 subject alternative name, set with
"URI:<sometext>". A generated CSR looks like this:


Human readable it looks like this (where the X509v3subject alt.name is  
set with this "URI:freetext" message):
  ..... <snip>....
         Attributes:
         Requested Extensions:
             X509v3 Subject Alternative Name:
                 URI:freetext
             X509v3 Key Usage:
                 Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
             Netscape Cert Type:
                 SSL Client, SSL Server
             X509v3 Extended Key Usage:
                 TLS Web Server Authentication, TLS Web Client Authentication
  ..... <snip>....

After some days spending around with configuration files of openca and
openssl, I've found in the documentation that there is only support
for eMail addresses in this field. Referring to chapter "6. Subject
Alternative Name" in the configuration documentation chapter 4 (see
http://www.openca.org/~madwolf/ch04s06.html), I would like to request
that I'm needing this special URI field with free text. Is it possible
to implement this? Or even configure this without code change?

I'd be very happy to hear from you.

Regards,
Harald Latzko

------------------------------------------------------------------------------
_______________________________________________
Openca-Users mailing list
Openca-Users@...
https://lists.sourceforge.net/lists/listinfo/openca-users
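
Added example, not part of the original thread and not OpenCA code: the situation from the message above reproduced with plain OpenSSL, showing a CSR that requests `URI:freetext`, a certificate signed without any CA-side extension file, and one signed with a CA-side extension file. How OpenCA itself signs is not shown on this page; the file names, the subject, the throwaway CA and the helper functions `san_uris`, `sign` and `build` are constructed for illustration.

```shell
#!/bin/sh
# Added example; all names, subjects and paths below are constructed.
set -e
work=$(mktemp -d)

# Request config: asks for the same URI subjectAltName as in the message.
cat > "$work/req.cnf" <<'EOF'
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = test common name
[v3_req]
subjectAltName = URI:freetext
EOF

# CA-side extension file: the CA, not the requester, decides what is issued.
echo 'subjectAltName = URI:freetext' > "$work/ca_ext.cnf"

# Print the URI SAN entries of a CSR ($1 = req) or certificate ($1 = x509).
san_uris() {
    openssl "$1" -in "$2" -noout -text | grep -o 'URI:[^, ]*' || true
}

# Sign the CSR with the throwaway CA; $1 = output file, rest = extra options.
sign() {
    out=$1; shift
    openssl x509 -req -in "$work/req.csr" -CA "$work/ca.pem" \
        -CAkey "$work/ca.key" -CAcreateserial -days 1 -out "$out" "$@" 2>/dev/null
}

build() {
    openssl req -new -newkey rsa:2048 -nodes -config "$work/req.cnf" \
        -keyout "$work/key.pem" -out "$work/req.csr" 2>/dev/null
    openssl req -x509 -new -newkey rsa:2048 -nodes -config "$work/req.cnf" \
        -subj "/CN=Constructed Test CA" -days 1 \
        -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null
    sign "$work/plain.pem"                               # CSR extensions ignored
    sign "$work/policy.pem" -extfile "$work/ca_ext.cnf"  # CA adds the SAN
}

build
echo "CSR:            $(san_uris req  "$work/req.csr")"
echo "plain signing:  $(san_uris x509 "$work/plain.pem")"
echo "with -extfile:  $(san_uris x509 "$work/policy.pem")"
```

Setting the extension on the signing side keeps the decision with the CA; copying whatever the request asks for would let the requester choose the certificate's extensions.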

Re: request for enhancement in openca PKI 1.0.2

by blainedw


Hi Harald,

In browser_req.xml.template, see section subjectAltNames. Have you created another attribute with valueType=URI?

Dave

Re: request for enhancement in openca PKI 1.0.2

by Harald Latzko-2

Hi Dave,

thank you for your answer. Am I missing a point when I think that I'm
using server_req.xml for PKCS#10 certificate request upload? AFAIK, the
browser_req.xml is only used for end user input fields given in a form, but
in my case I'm generating a certificate request with all fields given
below "offline" in a local OpenSSL environment. That PEM encoded file will
be uploaded by the "server_req" form, and the URI field is encoded in the
PEM file as an X509v3 subject alt. name, which is then later not added to
the created certificate. What point am I missing?

> Hi Harald,
>
> In browser_req.xml.template, see section subjectAltNames. Have you created
> another attribute with valueType=URI?
>
> Dave




Re: request for enhancement in openca PKI 1.0.2

by blainedw


I have not dealt with PKCS10 requests yet. Could the section in browser_req.xml be adapted for your use?

Dave