Hello Ali, there should already be a Profile for a Domain Controller included with OpenCA. Basically, if you want to provide your own profile (or 'role'), just edit a new openssl config file for it and add it to the web-interface configuration.
For adding a specific extension in the profile certificate, just add the extensions config file into the etc/openssl/extfiles directory; you then can put something like this: # Certificate Template "DomainController" (bmp string) subjectAltName=otherName:DER:ac:4b:29:06:aa:d6:5d:4f:a9:9c:4c:bc:b0:6a:65:d9, URI:http://www.openca.org I have not tried it directly, but it should work. Later, Max Ali Reza Karbasian wrote:
hi !i want to use a domain controller certificate for a windows domain but i must have other name in subject alternative name with oid 1.3.6.1.4.1.311.25.1 according to http://support.microsoft.com/kb/291010 how should i add this attribute to my system ? what changes should i do in openssl extension files of domain controller ?------------------------------------------------------------------------ ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ------------------------------------------------------------------------ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
-- Best Regards, Massimiliano Pala --o------------------------------------------------------------------------ Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] [EMAIL PROTECTED] Dartmouth Computer Science Dept Home Phone: +1 (603) 369-9332 PKI/Trust Laboratory Work Phone: +1 (603) 646-9179 --o------------------------------------------------------------------------
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users