Since there is no fix, I was tasked with getting this to work. Here is the
workaround I created; the code has been in production for a year, and I
found it works well. Also, Microsoft utilizes subjectAltName as the
UserPrincipalName value to integrate smart card authentication with Active
Directory, so getting this to work is very important for web applications.

1) Create a directory USERCERT under your PHP script folder. Allow uploading
files to this folder via the web browser.
2) Copy and paste the following code into the PHP script that is used to read
the certificate information.
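        // CN from the client certificate; used only to build a file name.
        $yourcn = $_SERVER['SSL_CLIENT_S_DN_CN'];
        $cn = str_replace('(Affiliate)', '', str_replace(' ', '.', $yourcn));
        // Keep only safe characters so the CN cannot alter the path or the shell command.
        $filename = preg_replace('/[^A-Za-z0-9._-]/', '', $cn) . rand() . ".cer";
        // PEM-encoded client certificate supplied by the web server.
        $file1 = $_SERVER['SSL_CLIENT_CERT'];
        file_put_contents('USERCERT/' . $filename, $file1);
        // Offset of the OCTET STRING that follows the Subject Alternative Name OID.
        $cmd1 = "openssl asn1parse -in " . escapeshellarg("USERCERT/$filename")
              . " | grep -A 1 'Subject Alternative Name' | cut -f1 -d':' | tail -1";
        $output1 = trim((string) shell_exec($cmd1));
        // Parse the extension at that offset and pull out the UPN string.
        $output3 = shell_exec("sh testname.sh " . escapeshellarg($output1)
                 . " " . escapeshellarg($filename));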
    
   So the result in $output3 will be the subjectAltName. This value is the
UserPrincipalName in Active Directory.

----
3) Create a shell script named testname.sh and place it in the same
directory as your PHP script from step 2. Please give testname.sh
644 permissions on Linux. Here is the content of testname.sh:
    # $1 = offset of the SAN OCTET STRING, $2 = certificate file name in USERCERT/
    openssl asn1parse -strparse "$1" -in "USERCERT/$2" | grep -A 2 "Microsoft Universal Principal Name" | cut -f4 -d":" | tail -1


--------
Hope this works for you.



--
View this message in context: 
http://openssl.6102.n7.nabble.com/PHP-openssl-x509-parse-extensions-subjectAltName-tp21912p44859.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
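
An added example, not part of the original post: the same UPN lookup done inside PHP by reading the DER bytes of $_SERVER['SSL_CLIENT_CERT'], so no certificate file is written under the web root and nothing is passed to a shell. The names UPN_OID_DER, der_len and upn_from_pem are hypothetical, and the sample input is a constructed fragment, not a real certificate.

```php
<?php
// DER encoding of OID 1.3.6.1.4.1.311.20.2.3 (Microsoft UPN): tag 06, length 0A.
const UPN_OID_DER = "\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x14\x02\x03";

// Read a DER length at $pos; returns [length, offset of content] or null if malformed.
function der_len(string $der, int $pos): ?array {
    if ($pos >= strlen($der)) return null;
    $b = ord($der[$pos++]);
    if ($b < 0x80) return [$b, $pos];                 // short form
    $n = $b & 0x7f;                                   // long form: $n length bytes follow
    if ($n === 0 || $n > 4 || $pos + $n > strlen($der)) return null;
    $len = 0;
    for ($i = 0; $i < $n; $i++) $len = ($len << 8) | ord($der[$pos++]);
    return [$len, $pos];
}

// Return the UPN string from a PEM certificate, or null if absent or malformed.
function upn_from_pem(string $pem): ?string {
    if (!preg_match('/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s', $pem, $m)) return null;
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    if ($der === false) return null;
    $pos = strpos($der, UPN_OID_DER);
    if ($pos === false) return null;
    $pos += strlen(UPN_OID_DER);
    // The otherName value is [0] EXPLICIT (tag A0) wrapping a UTF8String (tag 0C).
    foreach ([0xa0, 0x0c] as $tag) {
        if ($pos >= strlen($der) || ord($der[$pos]) !== $tag) return null;
        $r = der_len($der, $pos + 1);
        if ($r === null) return null;
        [$len, $pos] = $r;
        if ($pos + $len > strlen($der)) return null;  // declared length overruns the data
    }
    return substr($der, $pos, $len);
}

// Constructed sample: only the otherName bytes, PEM-wrapped so the function can be tried offline.
$upn   = 'jdoe@example.test';
$inner = "\x0c" . chr(strlen($upn)) . $upn;
$frag  = UPN_OID_DER . "\xa0" . chr(strlen($inner)) . $inner;
$pem   = "-----BEGIN CERTIFICATE-----\n" . base64_encode($frag) . "\n-----END CERTIFICATE-----";
var_dump(upn_from_pem($pem));

// In the web handler, read the certificate the server exported.
$clientUpn = isset($_SERVER['SSL_CLIENT_CERT']) ? upn_from_pem($_SERVER['SSL_CLIENT_CERT']) : null;
```

This searches the whole certificate for the UPN OID rather than walking down to the subjectAltName extension, so it takes the first occurrence wherever it sits. A stricter version would first locate extension 2.5.29.17 and search only inside its value.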
