Robert Relyea wrote: > I've forwarded this thread to our CMS team for an answer...
bob
OK...I'm sorry. I guess Herb and myself haven't communicated our question properly. Or I missed something.
We are trying to generate CRMF-style certificate requests using JSS libraries. In the process of generating extensions and adding them to the request (so they will ultimately show up on the cert) we can't seem to figure out how to add a SubjectAltName extension to the request. Herb did figure out how to add KeyUsage and CertificateUsage extensions as they are just byte-arrays, but he can't figure out how to add the email address properly to the request. If you look back to the first message sent by herb he said he'd like help with the third parameter of the Extension class constructor (available here: http://lxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkix/cert/Extension.java)
In the second message he sent he shows a code section for generating a KeyUsage extension that works fine and then code for generating a SubjectAltName extension which doesn't work and is what we're asking for help with. He doesn't know what to put in there to get a email address string to show up on the cert after it is processed. He has the OID and the criticality, the first 2 params of the Extension constructor.
Maybe he's totally off-base with how he's going about doing this. Since Nelson and Bob both suggested CMS help, are you both suggesting that the code looks fine and should work but that CMS isn't processing it properly? If that is the case we do have access to CMS support through Red Hat and we can pursue that course of action. A "looks fine" or "should work" to the code would send us on our merry way to pester Red Hat...
Sorry if I'm beating a dead horse with a stick but I'm just a bit confused as to the immediate re-direct to a CMS problem without anything being said of the Java code (using JSS) Herb pasted in here.
-Dave _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto
