> I need a new OID in the certificate. This OID is DC
> 
> The DC I want is the top level element in the Distinguished Name.
> I.e. dc = cn, ou, o, dc
> 
> [ new_oids ]
> # We can add new OIDs in here for use by 'ca' and 'req'.
> # Add a simple OID like this:
> # testoid1=1.2.3.4
> # Or use config file substitution like this:
> # testoid2=${testoid1}.5.6
> dc=?????
> 
> I have a few questions.
> 
> 1. dc=dc does not work. dc=1.2.3.4 works.

You need to specify an OID.  An OID is an ordered list of numbers.
The name associated with an OID (cn, dc, whatever) is just that: a name
associated with the number.  The name is never used in the ASN.1
representation of the certificate, just the numbers.

> 2. What should I put after dc in the [new_oid] section in this case ?

An OID.  OIDs are arranged in a hierarchy.

Each national standards organisation runs a section of the hierarchy.

1.2.840 is run by ANSI
1.2.826 is run by BSI

These national standards organisations then allocate an ID to organisations
who then manage any subsidiary nodes.

e.g. 1.2.840.113549 is RSA's ID, they then allocate IDs beneath this for
things like PKCS standards (e.g. 1.2.840.113549.1.7 is PKCS#7).

> 3. It works fine if I say 1.2.3.4 - where can I find out what 
> it means ?

http://www.alvestrand.no/harald/objectid/ is a good place to start.
(Lots more OID information here too).

> 4. 1.2.3.4 reads as such in the certificate ! Unlike the others E
> (for email), O (for organization) and so on ...

In the actual certificate, every OID is a numbered list.  Software
generally uses known OID->name associations to make the data more
readable.  Your OID is not known, and therefore has no associated
friendly name.

> So, it's obvious that I am doing something wrong or totally 
> ignorant here.

Totally ignorant I'm afraid ;)

Hope this helps.

        - Dale.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
