Thanks Dr. Henson The link you sent was the one I used to base my current configuration on. Its enivitable but I have a few more questions below.
--- "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: > On Tue, Nov 09, 2004, ray v wrote: > > > Hi All! > > > > I created an OID section but I'm a little confused > > with how to use it. My example... > > > > oid_section = my_oids > > > > [my_oids] > > value1 = 1.3.6.1.4.1.9999.1 > > value2 = 1.3.6.1.4.1.9999.2 > > value3 = 1.3.6.1.4.1.9999.3 > > > > > > If I specify the -config sample.cnf when creating > the > > key, request and certificate this all works fine. > When > > I recieved and outside cert request it fails with > > > > Error Loading extension section default > > 10765:error:2207C082:X509 V3 > > routines:DO_EXT_CONF:unknown extension > > name:v3_conf.c:123: > > 10765:error:2206B080:X509 V3 > > routines:X509V3_EXT_conf:error in > > extension:v3_conf.c:92:name=oid_section > > > > Being new to this I'm not sure if I'm asking the > right > > question. I need to add extensions to certificate > > during the certificate gen and signing process. > The > > oids_section is in the global or default am I > missing > > something here? Is there something I'm supposed to > put > > in the [req] section regarding the new oids? > > > > All help will be appreciate... > > I'm loosing my hair faster then a cat in October! > > thanks! > > > > Well that looks like you are placing oid_section in > the wrong place. The > preferred way to add OIDs is via the autoconfig OID > module which then makes > the OID names visible to all compliant applications. Ok this might be a sad indicator about my skill regarding this matter. Autoconfig is? Basically all I want to do is use the OID assigned to my company to include extra data in the example below. Quite honestly if the VAL1 were seen by other applications as just the OID = value thats perfectly ok with me. O=mycompany OU=mydepartment CN=myuser VAL1=something Val2=something else Val3=some number Can I do this with out patching the openssl code and compiling special versions for each platform I have? > Look in the config(5) manual page also at: > > http://www.openssl.org/docs/apps/config.html > > However you can't automatically add an extension > just because OpenSSL has a > name for an OID. The standard extensions have > support code which can be used > to translate parts of the configuration file into > the appropriate extension > syntax. Can you translate this into something a lay person like myself can understand? > You can manually include the extension using the > DER: syntax or the more > flexible ASN1: syntax in OpenSSL 0.9.8-dev. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: > see homepage > OpenSSL project core developer and freelance > consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? Check out the new Yahoo! Front Page. www.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
