David Stutzman wrote:
Robert Relyea wrote: > I've forwarded this thread to our CMS team for an answer...
bob
OK...I'm sorry. I guess Herb and myself haven't communicated our question properly. Or I missed something.
We are trying to generate CRMF-style certificate requests using JSS libraries. In the process of generating extensions and adding them to the request (so they will ultimately show up on the cert) we can't seem to figure out how to add a SubjectAltName extension to the request. Herb did figure out how to add KeyUsage and CertificateUsage extensions as they are just byte-arrays, but he can't figure out how to add the email address properly to the request. If you look back to the first message sent by herb he said he'd like help with the third parameter of the Extension class constructor (available here: http://lxr.mozilla.org/security/source/security/jss/org/mozilla/jss/pkix/cert/Extension.java)
Neither nelson nor I have much direct experience using jss. Since CMS itself was written in JSS, they would have more experience in this area. Unfortunately the don't peruse this news group, so I had to
Maybe he's totally off-base with how he's going about doing this. Since Nelson and Bob both suggested CMS help, are you both suggesting that the code looks fine and should work but that CMS isn't processing it properly? If that is the case we do have access to CMS support through Red Hat and we can pursue that course of action. A "looks fine" or "should work" to the code would send us on our merry way to pester Red Hat...
I'm pretty sure that CMS correctly creates certs with SubjectAltName extensions from requests generated by CRMF and javascript, So I don't think it's an accual problem with the server.
Sorry if I'm beating a dead horse with a stick but I'm just a bit confused as to the immediate re-direct to a CMS problem without anything being said of the Java code (using JSS) Herb pasted in here.
Sorry for the confusion. It's just that the CMS team is our local area of expertise in JSS code.
bob
smime.p7s
Description: S/MIME Cryptographic Signature
