Hi all! I'm writing this up to help those that may wish to insert their own values into the extension section of a certificate for use on internal applications. I do not know yet what the outcome will be when using these extensions with mainstream compliant applications.
In the beginning I didn't quite know what to ask, being new to openssl. I just knew I needed to add three fields and equate each to a value. I needed to do this on a certificate request that my CA didn't generate. I needed my information to appear in the x509 extension of the newly created certificate.

--wanted to thank the guys who helped me out! Special thanks to Dr. Stephen Henson and Charles Cranston for patiently answering my obviously newbie questions. Thanks for the guidance!

Anyways, I was all over the map with my questions, everything from modifying the DN to add my fields, to trying to patch the openssl code. You can't modify the DN if you don't create the key and request yourself. Patching the openssl code won't work because we would have to maintain a special version of openssl for all in-house systems. It would be nice if openssl could read OID information from an external database.

What follows is how I got it to work for me. So here's my example certificate output

---------------example -------------
RSA Public Key: (1024 bit)
    Modulus (1024 bit):
        00:ac:5a:a9:d8:a9:bf:2c:71:98:2f:b2:07:3d:18:
        bc:b5:92:18:2e:ed:1e:89:aa:5a:98:44:a2:9a:21:
        34:08:b3:ed:7b:9c:05:bf:eb:19:fe:6d:08:59:aa:
        87:7b:d0:f6:b4:88:8d:47:e4:f0:0f:39:ce:bf:7f:
        df:d9:fc:a2:3e:ac:b5:16:fe:76:e6:0b:99:24:65:
        3e:e2:39:fb:15:d4:9a:85:7e:38:a1:de:13:68:03:
        08:b2:1c:f5:37:6b:7b:1a:1a:6c:97:58:c9:00:0f:
        83:fa:ca:8d:6a:14:c6:60:56:5d:92:be:59:fc:fc:
        a6:7a:9a:d1:b7:a2:24:be:89
    Exponent: 65537 (0x10001)
X509v3 extensions:              <--- x509 ext
    1.3.6.1.4.1.9999.1002:      <--my OID
        user_id=test            <--my field + val
-------------------------------------

--------------extfile------------
extensions = extend
[extend]
1.3.6.1.4.1.11039.1002 = DER::70:72:6F:76:69:xx:xx:xx:xx:xx:xx:xx:xx:65:73:74:0A
------------------------------------

openssl command I used...

openssl x509 -req -extfile extfile -days 180 -CA certs/ca.crt -CAkey private/ca.key -CAcreateserial -in test.csr -out test.crt

Here's the tool I used to convert my DER: section into HEX
http://sec.angrypacket.com/code/hex0r.pl
thanks [EMAIL PROTECTED]

Hopefully this helps someone! Thanks again to the group!

cheers!

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
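
Added example, not part of the original post and not the hex0r.pl tool it links to: a Python helper that produces the extfile for a custom OID, either with the raw ASCII bytes the post's hex shows or wrapped as a DER UTF8String so that ASN.1 parsers reading the extension see a well-formed value. The function names, the UTF8String wrapping and the single-colon `DER:` prefix (the form given in OpenSSL's x509v3 config documentation) are choices of this example; the OID and value come from the post's sample certificate output.

```python
import re

# Dotted-decimal OID; checked because it is written into the config unescaped.
OID_RE = re.compile(r"[0-2](\.(0|[1-9]\d*))+")

def der_length(n):
    """DER definite length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_utf8string(text):
    """Encode text as a DER UTF8String (tag 0x0C)."""
    data = text.encode("utf-8")
    return b"\x0c" + der_length(len(data)) + data

def colon_hex(data):
    """Format bytes as colon-separated hex for the extfile DER: value."""
    return ":".join(f"{b:02X}" for b in data)

def build_extfile(oid, text, wrap=True, section="extend"):
    """Return extfile text for one custom extension.

    wrap=True  -> value is a DER UTF8String (assumption of this example)
    wrap=False -> raw ASCII bytes, as in the post's extfile
    """
    if not OID_RE.fullmatch(oid):
        raise ValueError(f"not a dotted-decimal OID: {oid!r}")
    value = der_utf8string(text) if wrap else text.encode("ascii")
    return (f"extensions = {section}\n\n[{section}]\n"
            f"{oid} = DER:{colon_hex(value)}\n")

if __name__ == "__main__":
    # OID and value taken from the example certificate output in the post.
    print(build_extfile("1.3.6.1.4.1.9999.1002", "user_id=test"))
```

The output can be saved as the file passed to `-extfile` in the `openssl x509 -req` command shown in the post.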