Re: Question about extensions

Bram Cymet Mon, 09 Aug 2010 04:34:12 -0700

Ok I see it now. 

The whole structure is there asn1parse just can't print out the GENERALSTRINGs 
I changed them to UTF8 and I was able to see everything.


Thanks again, 

Bram 
On 2010-08-09, at 6:51 AM, Bram Cymet wrote:

> Ok I was able to get openssl to generate a cert. Now when I got to asn1parse 
> -strparse the Subject Alternative Name I get: 
> 
>     0:d=0  hl=2 l=  47 cons: SEQUENCE          
>     2:d=1  hl=2 l=  45 cons: cont [ 0 ]        
>     4:d=2  hl=2 l=   6 prim: OBJECT            :1.3.6.1.5.2.2
>    12:d=2  hl=2 l=  35 cons: cont [ 0 ]        
>    14:d=3  hl=2 l=  33 cons: SEQUENCE          
>    16:d=4  hl=2 l=  10 cons: cont [ 0 ]        
>    18:d=5  hl=2 l=   8 prim: GENERALSTRING     
>    28:d=4  hl=2 l=  19 cons: cont [ 1 ]        
>    30:d=5  hl=2 l=  17 cons: SEQUENCE          
>    32:d=6  hl=2 l=   3 cons: cont [ 0 ]        
>    34:d=7  hl=2 l=   1 prim: INTEGER           :01
>    37:d=6  hl=2 l=  10 cons: cont [ 1 ]        
>    39:d=7  hl=2 l=   8 cons: SEQUENCE          
>    41:d=8  hl=2 l=   6 prim: GENERALSTRING     
> 
> Is that has far as I will be able to see or is there a way to parse out the 
> rest? 
> 
> Thanks, 
> 
> Bram 
> 
> 
> On 2010-08-08, at 3:41 PM, Bram Cymet wrote:
> 
>> I have attempted a number of different command line commands. They are all 
>> similar to: 
>> 
>> openssl x509 -extfile req.conf -extensions client_cert -in bcymet-cert.pem 
>> -out test.pem
>> 
>> openssl x509 -req -in req.pem -sha1 -extfile req.conf -extensions 
>> client_cert -CA CA.pem -CAkey cakey.pem -out test.pem 
>> 
>> Can you give me an example of how to create the cert or a req with the 
>> extensions? 
>> 
>> Thanks, 
>> 
>> Bram 
>> 
>> On 2010-08-08, at 8:38 AM, Dr. Stephen Henson wrote:
>> 
>>> On Fri, Aug 06, 2010, Bram Cymet wrote:
>>> 
>>>> It complains about the client_cert section.
>>>> 
>>>> Attached is the conf file.
>>>> 
>>>> I am using openssl 1.0.0.
>>>> 
>>> 
>>> That's odd, I just tried it on the latest 1.0.0-stable (1.0.0a should be 
>>> near
>>> enough) and other than the typo for prompt it works fine.
>>> 
>>> What command line are you using?
>>> 
>>> Steve.
>>> --
>>> Dr Stephen N. Henson. OpenSSL project core developer.
>>> Commercial tech support now available see: http://www.openssl.org
>>> ______________________________________________________________________
>>> OpenSSL Project                                 http://www.openssl.org
>>> User Support Mailing List                    openssl-users@openssl.org
>>> Automated List Manager                           majord...@openssl.org
>> 
>

Re: Question about extensions

Reply via email to