I don't know but I wonder if it you might also try asking the openssl folks - John
On Mon, 2009-01-19 at 11:19 -0500, David W Blaine wrote: > > Hi all, > > Well I added the following to the new_oids section: > > msCAVersion=1.3.6.1.4.1.311.21.1 > msCRLNextPublish=1.3.6.1.4.1.311.21.4 > > I also added the following to the crl_ext section: > > authorityKeyIdentifier=keyid:always,issuer:always > msCAVersion=DER:02:01:00 > > Unfortunately I do not know how to specify a value for the CRL Next > Publish oid. So I pressed on and generated a CRL with the parameters I > knew how to define. Viewing the CRL shows these items in it. But the > CRL still fails to import into Windows 2003 with the same error as > before. > > Can anyone give me any insight into the CRL Next Publish oid? > <snip> > Hi John, > > Well took your suggestion and googled... I think I found it but want > to see what the group says: > > A native Windows cert includes the following additional extensions > > Authority Key Identifier > CA Version > Next CRL Publish > > I was able to see in the openssl.cnf.template that > AuthorityKeyIdentifier existed in the crl_ext section but I'm unsure > of the other 2. How to implement? > > It seems that "CA Version" is the most important as Windows uses that > to somehow identify the object within AD. > > According to this article, this shows adding the OID's that I believe > I need: > > http://archives.neohapsis.com/archives/openbsd/2001-08/2358.html > > Has anyone else run into this? > > ----------------------------------------------------------------- <snip> -- John A. Sullivan III Open Source Development Corporation +1 207-985-7880 jsulli...@opensourcedevel.com http://www.spiritualoutreach.com Making Christianity intelligible to secular society ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
