RE: [Openca-Users] Problems with additional attributes

Thu, 01 Jun 2006 12:49:12 -0700 

Hello Juan.

I'm not a guru, but I can suggest you to define otherName OID in
openssl/openssl.cnf at etc/ directory of OpenCA installation. Place new OID
in [ new_oids ] section:

[ new_oids ]

otherName = 1.2.3.4.5   # use appropriate OID here


Hope this helps.

Regards,
Dmitrij



________________________________

        From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Juan Carlos
Lillo Molina
        Sent: Thursday, June 01, 2006 10:36 PM
        To: [email protected]
        Subject: [Openca-Users] Problems with additional attributes
        
        
        Hello...
        I need new attributes to "subjectAltName"
        
        I use the following lines in pub.conf
        
        DN_TYPE_BASIC_SUBJECTALTNAMES   "otherName" "email"
        
        DN_TYPE_BASIC_SUBJECTALTNAME_1  "RUT" 
        DN_TYPE_BASIC_SUBJECTALTNAME_1_MINIMUM_LENGTH 12
        DN_TYPE_BASIC_SUBJECTALTNAME_1_REQUIRED    "YES"
        
        DN_TYPE_BASIC_SUBJECTALTNAME_2  "E-Mail"
        DN_TYPE_BASIC_SUBJECTALTNAME_2_MINIMUM_LENGTH 3 
        DN_TYPE_BASIC_SUBJECTALTNAME_2_REQUIRED    "YES"
        
        If i swap "otherName"  by  "DNS"... there is no problems with the
certificate generation, but with "otherName"  the result is this: 
        
              Error 6761
                    Error General Error while issuing Certificate to Juan
Carlos Lillo Molina1 (filename: /usr/local/OpenCA/var/tmp/1A.req).
        
        
                    OpenCA::OpenSSL returns errocode 7731075
(OpenCA::OpenSSL->issueCert: OpenSSL fails (7777067). Using configuration
from /usr/local/OpenCA/etc/openssl/openssl/User.conf 
                    Check that the request matches the signature
                    Signature ok
                    ERROR: adding extensions in section default
                    23292:error:22075075:X509 V3
routines:v2i_GENERAL_NAME:unsupported option:v3_alt.c:436:name= otherName.0
                    23292:error:2206B080:X509 V3
routines:X509V3_EXT_conf:error in
extension:v3_conf.c:92:name=subjectAltName, [EMAIL PROTECTED]
                    error in ca
                    ).
        
        
        In the openssl documentation talk about the  "otherName" features,
but don't work with openca... 
        
        Please, help me with any hint...
        
        -- 
        Atte.
        JCLM 




-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=107521&bid=248729&dat=121642
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to