Hello again,
Solved it with a workaround.
I replaced the otherName in the CSR for SAN DNS.
In OpenXPKI configuration I can access it like this:
enroll:
    subject:
        san:
            otherName: "1.2.3.4;UTF8:[% SAN_DNS.0 %]"
I am misusing the SAN DNS in the CSR but for my use case I can live with it :-)
MM
On 29. 3. 2021, at 12:38, Michal Moravec <[email protected]> wrote:
Hello,
Is it possible to add otherName to SAN during the enrollment workflow?
Suppose you create CSR with OpenSSL. You define subjectAltName like this:
[reqsan]
subjectAltName = email:[email protected],otherName:1.2.3.4;UTF8:somevalue.
Now you would like to create a client certificate with OpenXPKI. There is no
obvious way to add the otherName. I started with this:
enroll:
    subject:
        dn: SOMEDN
        san:
            email: "[% FOREACH entry = SAN_EMAIL %][% entry.lower %] | [% END %]"
            otherName: ???
I am trying to use the SAN_OTHERNAME variable, but the first item of the array is
actually a hash. I guess it has something to do with the fact that there are two
values here: the OID and the actual value.
1. I don't know how to get/display the content of the hash.
2. Is it even possible to define a SAN with a custom OID here? If yes, how can it
be done?
Best regards,
Michal Moravec Apple system administrator
Logicworks, s.r.o.
Argentinská 1621/36, Praha 7
www.logicworks.cz | 778745013
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
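
Added example, not part of the original messages and not OpenXPKI code: a standard-library Python sketch of how the otherName entry from the CSR above (OID 1.2.3.4, UTF8 value somevalue) is laid out in DER per RFC 5280, showing the two parts, OID and value, that the question refers to. The function names are made up for this illustration, and only short lengths and single-byte OID arcs are handled.

```python
# Added example: DER layout of one SAN otherName entry (GeneralName [0], RFC 5280).
# Sketch limits: short-form lengths only (< 128 bytes) and single-byte OID arcs.

def tlv(tag: int, body: bytes) -> bytes:
    if len(body) > 127:
        raise ValueError("long-form length not handled")
    return bytes([tag, len(body)]) + body

def encode_othername(oid: str, text: str) -> bytes:
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID")
    head = 40 * arcs[0] + arcs[1]
    if head > 127 or any(a > 127 for a in arcs[2:]):
        raise ValueError("multi-byte OID arcs not handled")
    type_id = tlv(0x06, bytes([head, *arcs[2:]]))        # OBJECT IDENTIFIER
    value = tlv(0xA0, tlv(0x0C, text.encode("utf-8")))   # [0] EXPLICIT UTF8String
    return tlv(0xA0, type_id + value)                    # GeneralName otherName [0]

def read_tlv(buf: bytes, pos: int = 0):
    if pos + 2 > len(buf) or buf[pos + 1] > 127:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("TLV runs past end of input")
    return buf[pos], buf[pos + 2:end], end

def decode_othername(der: bytes) -> dict:
    tag, body, end = read_tlv(der)
    if tag != 0xA0 or end != len(der):
        raise ValueError("not a single otherName entry")
    oid_tag, oid_body, pos = read_tlv(body)
    wrap_tag, wrapped, pos = read_tlv(body, pos)
    if oid_tag != 0x06 or wrap_tag != 0xA0 or pos != len(body):
        raise ValueError("expected type-id followed by [0] value")
    val_tag, val_body, val_end = read_tlv(wrapped)
    if val_tag != 0x0C or val_end != len(wrapped):
        raise ValueError("only UTF8String values handled")
    if not oid_body or any(b > 127 for b in oid_body):
        raise ValueError("empty or multi-byte OID arcs not handled")
    first = min(oid_body[0] // 40, 2)
    arcs = [first, oid_body[0] - 40 * first, *oid_body[1:]]
    return {"oid": ".".join(map(str, arcs)), "value": val_body.decode("utf-8")}

if __name__ == "__main__":
    der = encode_othername("1.2.3.4", "somevalue")   # values from the thread's CSR
    print(der.hex())
    print(decode_othername(der))
```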