hi, i've been looking at the archives list trying to search how to add additional extensions to certificates.
i found the thread "Adding Application Attributes to X509 Certificates?" that is about what i'm asking but using openssl commands and openssl configuration file. eventhoug, i don't know if "Brian Skrab" who was asking on how to do it, finally solved it. my questions are: 1) I'd like to add an additional (attribute,value) pair to a certificate, can i use any OID? RFC 2459 suggests to follow IANA or ITU-T Rec. X.660 | ISO/IEC/ITU 9834-1 for additional key purposes. do i need to follow the same conventions? if so, where can i find them? 2) I'd also like to add an extended key usage, the oid is defined in openssl as follows: #define OBJ_ext_key_usage OBJ_id_ce,37 can i use for my extended key usage? whould this follow the conventions on question 1? #define OBJ_MY_ext_key_usage OBJ_id_ce,37,1 2) Once i have and OID, should i use this functions to add an extension to a certificate? X509_EXTENSION_create_by_OBJ X509_EXTENSION_set_object X509_EXTENSION_set_critical X509_EXTENSION_set_data and X509_add_ext any help would be appreciated, thanks in advance. regards, aleix ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
