Hi Steve, I'm afraid that's not possible out of security reasons.
Regards Andi -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Monday, January 18, 2010 5:09 PM To: openssl-users@openssl.org Subject: Re: Openssl SAN problem On Mon, Jan 18, 2010, Muehlbauer, Andreas wrote: > Hi, > > we are running our own CA with openssl 0.9.8k on linux. > We get a CSR-Request containing SAN attributes from a Windows IIS > Server: > > [Version] > Signature="$Windows NT$" > > [NewRequest] > Subject = "CN=test1 OU=IT, O=Org, L=Location, S=State, C=DE" > KeySpec = 1 > KeyLength = 1024 > Exportable = TRUE > MachineKeySet = TRUE > SMIME = FALSE > PrivateKeyArchive = FALSE > UserProtected = FALSE > UseExistingKeySet = FALSE > RequestType = CMC > KeyUsage = 0xa0 > ProviderName = "Microsoft RSA SChannel Cryptographic Provider" > ProviderType = 12 > > [EnhancedKeyUsageExtension] > OID=1.3.6.1.5.5.7.3.1 > > [RequestAttributes] > SAN="CN=xyz&CN=test3" > > > When I try to sign the csr-Request with openssl I get the following > error message: > Error reading certificate request in xyz.csr > 27756:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong > tag:tasn_dec.c:1316: > 27756:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested > asn1 error:tasn_dec.c:380:Type=X509_REQ_INFO > 27756:error:0D08303A:asn1 encoding > routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 > error:tasn_dec.c:748:Field=req_info, Type=X509_REQ > 27756:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 > lib:pem_oth.c:83: > > > Signing Requests without SAN-attributes works just fine. > Can you post or send me that CSR privately? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org This communication and any files or attachments transmitted with it may contain information that is copyrighted or confidential and exempt from disclosure under applicable law. It is intended solely for the use of the individual or the entity to which it is addressed. If you are not the intended recipient, you are hereby notified that any use, dissemination, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us at once so that we may take the appropriate action and avoid troubling you further. Thank you for your cooperation. Please contact your local IT staff or email i...@wacker.com if you need assistance. Wacker Chemie AG, Hanns-Seidel-Platz 4, 81737 Muenchen, Germany, Sitz Muenchen, Amtsgericht Muenchen HRB 159705 Vorstand: Rudolf Staudigl (Vorsitzender), Joachim Rauhut, Wilhelm Sittenthaler, Auguste Willems Vorsitzender des Aufsichtsrats: Peter-Alexander Wacker ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
