--- Craig Gleadall <[EMAIL PROTECTED]> a écrit :
> Hello,
> I am trying to get my CA to issue a user
> certificate with the
> privateKeyUsagePeriod extention (2.5.29.16). This
> extension includes a
> notBefore and notAfter GeneralizedTime attribute. I
> saw in the
> openssl.cnf file that I can specify attributes with
> DER encoded data. I
> tried this for 2.5.29.16 in my x509_extentions
> section but it got
> encoded into the certificate as an OCTET STRING.
>
> In the new_oids section I added:
> privateKeyUsagePeriod=2.5.29.16
>
> In the section referenced as the x509_extentions
> from the 'CA' section
> I have:
> keyUsage = critical,digitalSignature:true
> 2.5.29.16 =
>
DER:30:1E:17:0D:30:34:31:30:32:32:30:39:34:32:30:31:5A:17:0D:30:35:30:31:32:32:30:39:34:32:30:31:5A
>
> As you can see this is the exact data that I would
> have expected to see
> in the certificate for the 2.5.29.16 extention, but
> in the cert just
> after the DER encoded OID is
> 04:20:30:1E....5A
for the 04 is a tag wich determine the type used as an
Octet string, and the 20 i think , as i know it's a
mask "DER constructed" or "DER-encoding-Mask", but
really i don't see how to hide these tags , may be the
output of the der encode , you have to neglect them .
good luck .
Abdou,
Vous manquez d’espace pour stocker vos mails ?
Yahoo! Mail vous offre GRATUITEMENT 100 Mo !
Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/
Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour
dialoguer instantanément avec vos amis. A télécharger gratuitement sur
http://fr.messenger.yahoo.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
