On 07.02.2014 21:04, Tom Pfeifer wrote:
You have to expand the [ policy_default ] or other section of your choice with something similar to...which are required for Extended Validation (EV) certificates. I'm currently using openSSL 1.0.1e-fips on Fedora 20, and I have these OIDs specified in the [new_oids] section in openssl.cnf like this:jurisdictionOfIncorporationLocalityName=1.3.6.1.4.1.311.60.2.1.1 jurisdictionOfIncorporationStateOrProvinceName=1.3.6.1.4.1.311.60.2.1.2 jurisdictionOfIncorporationCountryName=1.3.6.1.4.1.311.60.2.1.3 Also, referring to this web page (from 2010): http://www.frank4dd.com/howto/openssl/add_oids_to_openssl.htm ...I looked in crypto/objects/objects.txt in the 1.0.1e source tree, and they were not listed in that file with other OIDs. I also looked at the 1.0.1f source tree with the same result. The issue I'm having is that they don't show up in the Subject line in the certificate when specified in the -subj string, while all other OIDs specified in the same -subj string do show up. They are just ignored, with no error message.
jurisdictionOfIncorporationLocalityName = optional jurisdictionOfIncorporationStateOrProvinceName = optional jurisdictionOfIncorporationCountryName = optional Walter
smime.p7s
Description: S/MIME Cryptographic Signature
