Hi,

I develop my own CA using M2Crypto to interface with OpenSSL.

I am trying to create certificates for use with Kerberos. This requires
me to add to the subjectAltName an other name in one of two ways.

The first is to use the Microsoft Universal Principal Name. I am able to
do that just fine by setting the subjectAltName to something like:

otherName:1.3.6.1.4.1.311.20.2.3;UTF8:bcy...@test.cbn

then creating an X509 extension with that value for the subjectAltName
extension and adding that to the certificate when I am signing it.

The other way is a little more complicated but it is the way I really
want to get working. I need the otherName to look something like:

subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name

[princ_name]
realm = EXP:0, GeneralString:bcymet
principal_name = EXP:1, SEQUENCE:principal_seq

[principal_seq]
name_type = EXP:0, INTEGER:1
name_string = EXP:1, SEQUENCE:principals

[principals]
princ1 = GeneralString:TEST.CBN


I am just not sure how to format the string to create the extension with.

I want to do something like I have above where I can use a single string
to create the extension. I am assuming it is going to start something like:

otherName:1.3.6.1.5.2.2;

It is the rest of it I am having a hard time figuring out.

Any help would be great.

Thanks,

-- 
Bram Cymet
Software Developer
Canadian Bank Note Co. Ltd.
Cell: 613-608-9752


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
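
An added example, not part of the original post or of OpenSSL/M2Crypto: the nested structure that the [princ_name], [principal_seq] and [principals] sections describe, DER-encoded with the Python standard library and wrapped as a complete subjectAltName value in the raw DER: form that OpenSSL's extension syntax accepts. All function names are hypothetical, the field values are the ones in the posted sections, and whether M2Crypto's extension constructor passes a DER: value through unchanged is an assumption to verify.

```python
# Added example: hand-rolled DER for the Kerberos otherName in the post (stdlib only).
KRB5_PRINCIPAL_OID = "1.3.6.1.5.2.2"  # OID from the post
def der_len(n):
    if n < 0x80:                      # short form below 128
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body   # long form

def tlv(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def seq(*items):
    return tlv(0x30, b"".join(items))

def explicit(n, inner):
    """EXP:n in the config syntax: context-specific tag n, constructed."""
    return tlv(0xA0 | n, inner)

def general_string(s):
    return tlv(0x1B, s.encode("ascii"))

def integer(v):
    # Non-negative only; to_bytes raises OverflowError on a negative value.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:              # base-128, high bit set on all but last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def krb5_san_der(realm, name_type, name_strings):
    """GeneralNames holding one otherName, laid out like [princ_name]."""
    names = seq(*(general_string(s) for s in name_strings))        # [principals]
    principal = seq(explicit(0, integer(name_type)), explicit(1, names))
    princ_name = seq(explicit(0, general_string(realm)), explicit(1, principal))
    other = tlv(0xA0, oid(KRB5_PRINCIPAL_OID) + explicit(0, princ_name))
    return seq(other)

def der_extension_value(der):
    return "DER:" + ":".join("%02X" % b for b in der)

if __name__ == "__main__":
    print(der_extension_value(krb5_san_der("bcymet", 1, ["TEST.CBN"])))
```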
