Re: PHP openssl_x509_parse extensions=subjectAltName
Since there is no fixed, I was tasked to get this to work.. Here is the workaround I created and the code has been in the production for a year. I found it works well. Also, when Microsoft utilize subjectAltName as UserPrincipalName value to integrate smart card authentication with Active Directory. Getting this to work is very important for web applications. 1) create a directory USERCERT under your PHP script folder. allow this folder upload files via the web browser. 2) copy paste the following codes to your php script which is used to read the certificate information. $yourcn = $_SERVER['SSL_CLIENT_S_DN_CN']; $filename=str_replace('(Affiliate)', '', str_replace(' ', '.', $yourcn)).rand()..cer; $file1 = $_SERVER['SSL_CLIENT_CERT']; file_put_contents('USERCERT/'.$filename, $file1); $cmd1 = openssl asn1parse -in USERCERT/$filename | grep -A 1 'Subject Alternative Name' | cut -f1 -d':' | tail -1; $output1 = shell_exec($cmd1); $output3 = shell_exec(sh testname.sh '$output1' '$filename'); so. the result of $output3 will be the subjectAltName. This value is the UserPrincipalName in Active Directory. 3) create a shell script, name testname.sh and place under the same directory as your php script at the step 2. Please make this testname.sh with 644 permission in Linux. Here is the content of testname.sh openssl asn1parse -strparse $1 -in USERCERT/$2 | grep -A 2 Microsoft Universal Principal Name | cut -f4 -d: |tail -1 Hope this works for you. -- View this message in context: http://openssl.6102.n7.nabble.com/PHP-openssl-x509-parse-extensions-subjectAltName-tp21912p44859.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
SV: PHP openssl_x509_parse extensions=subjectAltName
Hi. Thanks for looking into this. Would this say that the php_openssl is bugged, or can`t do the job ? -Opprinnelig melding- Fra: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] På vegne av Jeffrey Walton Sendt: 13. mai 2012 22:39 Til: openssl-users@openssl.org Emne: Re: PHP openssl_x509_parse extensions=subjectAltName On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson zeln...@gmail.com wrote: On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote: openssl probably just doesn't recognize that OID. Here's what phpseclib (the latest SVN) shows for that particular extension: [8] = Array ( [extnId] = id-ce-subjectAltName [critical] = [extnValue] = Array ( [0] = Array ( [otherName] = Array ( [type-id] = 1.3.6.1.4.1.311.20.2.3 [value] = t...@kontorlan.tag.no ) ) ) ) Here's a link to phpsecllib: http://phpseclib.sourceforge.net/ Its private (4) for an enterprise (1): http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3ac tion=display OpenSSL cannot possibly know how to interpret the (311) (20) (2) branch or the (3) leaf node. Hmmm. Weird. asn1parse doesn't seem to mind. Here's how that parses the subjAltName extension: 0:d=0 hl=2 l= 39 cons: SEQUENCE 2:d=1 hl=2 l= 37 cons: cont [ 0 ] 4:d=2 hl=2 l= 10 prim: OBJECT :Microsoft Universal Principal Name 16:d=2 hl=2 l= 23 cons: cont [ 0 ] 18:d=3 hl=2 l= 21 prim: UTF8STRING Yes, it can probably be parsed by any ASN.1 parser. But the OID is private - only the organization knows how to interpret it (or what to do with it). : IϮ r m ( Z+ K +1 x h [ z ( Z+ f y f h )z{,
Re: PHP openssl_x509_parse extensions=subjectAltName
openssl probably just doesn't recognize that OID. Here's what phpseclib (the latest SVN) shows for that particular extension: [8] = Array ( [extnId] = id-ce-subjectAltName [critical] = [extnValue] = Array ( [0] = Array ( [otherName] = Array ( [type-id] = 1.3.6.1.4.1.311.20.2.3 [value] = t...@kontorlan.tag.no ) ) ) ) Here's a link to phpsecllib: http://phpseclib.sourceforge.net/ On Tue, May 8, 2012 at 8:42 AM, Johansen Daniel daniel.johan...@evry.com wrote: Certificate: -BEGIN CERTIFICATE- MIIGojCCBIqgAwIBAgIKHnnv5gABGDANBgkqhkiG9w0BAQUFADBdMQswCQYD VQQGEwJOTzEZMBcGA1UEChMQQ2FyZCBTZXJ2aWNlcyBBUzEzMDEGA1UEAxMqQ2Fy ZCBTZXJ2aWNlcyBBUyBPZmZpY2UgTmV0d29yayBJc3N1aW5nIENBMB4XDTEyMDUw ODEzMjcxMVoXDTEzMDUwODEzMjcwOFowaDEZMBcGCgmSJomT8ixkARkWCUtPTlRP UkxBTjETMBEGCgmSJomT8ixkARkWA1RBRzESMBAGCgmSJomT8ixkARkWAk5PMRIw EAYDVQQDEwlUZXN0IFVzZXIxDjAMBgNVBAMTBVVzZXJzMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQCsyZuf2vf3XgGlpG4AkB8IsmiojRLNVgfP65zLMfRyivrb 4BBXOwxg1E1rZ4WWemiGP/H8KRCjPAISW6/AjixujexHz63OgpB44jYJ+fOhqxr/ sAMyNXgbcIbC9ar2ZBlzNTNwuoXmcU+VzOCKD8d2US3UGKRIO3LlIfeBQrzUwQID AQABo4IC2zCCAtcwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBT7C//fKrl8CQLNAWV5 sH3iz0sndzAfBgNVHSMEGDAWgBSvF/J6mmW0u9nqsNb/PS3lHfBg9TCB2gYDVR0f BIHSMIHPMIHMoIHJoIHGhmFodHRwOi8vY2RwMS5jYXJkc2VydmljZXMubm8vY2Vy dGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdvcmsl MjBJc3N1aW5nJTIwQ0EuY3JshmFodHRwOi8vY2RwMi5jYXJkc2VydmljZXMubm8v Y2VydGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdv cmslMjBJc3N1aW5nJTIwQ0EuY3JsMIHuBggrBgEFBQcBAQSB4TCB3jBtBggrBgEF BQcwAoZhaHR0cDovL2NkcDEuY2FyZHNlcnZpY2VzLm5vL2NlcnRlbnJvbGwvQ2Fy ZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3b3JrJTIwSXNzdWluZyUy MENBLmNydDBtBggrBgEFBQcwAoZhaHR0cDovL2NkcDIuY2FyZHNlcnZpY2VzLm5v L2NlcnRlbnJvbGwvQ2FyZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3 b3JrJTIwSXNzdWluZyUyMENBLmNydDA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3 FQiCydAjheyUSbGZA4LhqDyDyvcrB4LjsHSHz+pYAgFkAgECMB8GA1UdJQQYMBYG CisGAQQBgjcUAgIGCCsGAQUFBwMCMCkGCSsGAQQBgjcVCgQcMBowDAYKKwYBBAGC NxQCAjAKBggrBgEFBQcDAjAwBgNVHREEKTAnoCUGCisGAQQBgjcUAgOgFwwVdGV1 c0BLT05UT1JMQU4uVEFHLk5PMA0GCSqGSIb3DQEBBQUAA4ICAQCLI8HZO7W9YCh5 ld2cms7WYRXaFHQRi8nrNib2n+XsKa20CeXEpvDhrWbDJhPq7qrLqgITmCE5gXqh y1LzYyLCKQFZbRPCE4BEI0zd8ZanjP3BOGMWpe9rqkqqvyvhCb/4ienZNSnFjfZm zhE4gEkIUDK1nUggxG/HkwkvZh5FBi+tQGofwNfNh3BgOVetOg6o9uFBjvpLoMNH gyhyQm+J40q1y6wERfY0vB/RSVxKyCK9Q6ksl/rjfOOWna9xrV68TLvgElQARCJJ +NEcdLm3fWleBP6115XFTMMAS+FgppBUvNU38WtLdg3NkWletU1weSmHUdA01Y6h i1c86PFywH7jplFkPYgcpKCLgf4VNwksMp0KzrZzZoXtO6doMMQxV9nJTdVycLnU Z6osCV0t5q+2wC83LY+guPhJCXKoru9Do4C/8C2dBFlvzrnHkfMqEJ842Gk83TS+ nQjtgicG9qF+w4xwwF0DDsHXIoneCcToGYvLVwMZgLIEZe/qIuZfk2PWJxYcscRT weF7Q+ie8enS2GRkjHENwc0CjzFQsylqEief0faGf7ALgp/Jv+OUx2UT8mYA9zhq IIDKlTIFP/W+C8jmmF0Gb66vyUS2FBVrZqrbi6s1hlrPyfitu39Efsj9MVaTlk+e MECGZrbCHKff9zICH61TvwGu6F73tg== -END CERTIFICATE- Vennlig hilsen Daniel Bjørnådal Johansen IT Konsulent, ITO Card Services daniel.johan...@evry.com T +47 75 12 81 61 M +47 909 15 267 -Opprinnelig melding- Fra: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] På vegne av Thomas Anderson Sendt: 8. mai 2012 14:49 Til: openssl-users@openssl.org Emne: Re: PHP openssl_x509_parse extensions=subjectAltName Can you post the certificate in question? I'm a bit curious as to how phpseclib's File_X509 would parse it. eg. [?php] include('File/X509.php'); $x509 = new File_X509(); print_r$x509-loadX509($_SERVER['SSL_CLIENT_CERT'])); [/?php] On Tue, May 8, 2012 at 7:01 AM, Johansen Daniel daniel.johan...@evry.com wrote: [?php] $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']); $subjectAltName = $x509['extensions']['subjectAltName']; [/?php] When parsing a x509 certificate and ['extensions']['subjectAltName'] contains a newline or space as shown below: othername: Princpal name=t...@test.com The value in this case Princpal name=t...@test.com will not be shown. $subjectAltName as shown in the code will display othername:, and only that. Expected result: echo $subjectAltName; // Should print othername: Princpal name=t...@test.com Is this a bug or ignorance on my part ? __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List
Re: PHP openssl_x509_parse extensions=subjectAltName
On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote: openssl probably just doesn't recognize that OID. Here's what phpseclib (the latest SVN) shows for that particular extension: [8] = Array ( [extnId] = id-ce-subjectAltName [critical] = [extnValue] = Array ( [0] = Array ( [otherName] = Array ( [type-id] = 1.3.6.1.4.1.311.20.2.3 [value] = t...@kontorlan.tag.no ) ) ) ) Here's a link to phpsecllib: http://phpseclib.sourceforge.net/ Its private (4) for an enterprise (1): http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3action=display OpenSSL cannot possibly know how to interpret the (311) (20) (2) branch or the (3) leaf node. Jeff :��IϮ��r�m (Z+�K�+1���x��h[�z�(Z+���f�y���f���h��)z{,���
Re: PHP openssl_x509_parse extensions=subjectAltName
On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote: openssl probably just doesn't recognize that OID. Here's what phpseclib (the latest SVN) shows for that particular extension: [8] = Array ( [extnId] = id-ce-subjectAltName [critical] = [extnValue] = Array ( [0] = Array ( [otherName] = Array ( [type-id] = 1.3.6.1.4.1.311.20.2.3 [value] = t...@kontorlan.tag.no ) ) ) ) Here's a link to phpsecllib: http://phpseclib.sourceforge.net/ Its private (4) for an enterprise (1): http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3action=display OpenSSL cannot possibly know how to interpret the (311) (20) (2) branch or the (3) leaf node. Hmmm. Weird. asn1parse doesn't seem to mind. Here's how that parses the subjAltName extension: 0:d=0 hl=2 l= 39 cons: SEQUENCE 2:d=1 hl=2 l= 37 cons: cont [ 0 ] 4:d=2 hl=2 l= 10 prim: OBJECT:Microsoft Universal Principal Name 16:d=2 hl=2 l= 23 cons: cont [ 0 ] 18:d=3 hl=2 l= 21 prim:UTF8STRING __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PHP openssl_x509_parse extensions=subjectAltName
On Sun, May 13, 2012 at 4:31 PM, Thomas Anderson zeln...@gmail.com wrote: On Sun, May 13, 2012 at 2:00 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sun, May 13, 2012 at 1:55 PM, Thomas Anderson zeln...@gmail.com wrote: openssl probably just doesn't recognize that OID. Here's what phpseclib (the latest SVN) shows for that particular extension: [8] = Array ( [extnId] = id-ce-subjectAltName [critical] = [extnValue] = Array ( [0] = Array ( [otherName] = Array ( [type-id] = 1.3.6.1.4.1.311.20.2.3 [value] = t...@kontorlan.tag.no ) ) ) ) Here's a link to phpsecllib: http://phpseclib.sourceforge.net/ Its private (4) for an enterprise (1): http://www.oid-info.com/cgi-bin/display?oid=1.3.6.1.4.1.311.20.2.3action=display OpenSSL cannot possibly know how to interpret the (311) (20) (2) branch or the (3) leaf node. Hmmm. Weird. asn1parse doesn't seem to mind. Here's how that parses the subjAltName extension: 0:d=0 hl=2 l= 39 cons: SEQUENCE 2:d=1 hl=2 l= 37 cons: cont [ 0 ] 4:d=2 hl=2 l= 10 prim: OBJECT :Microsoft Universal Principal Name 16:d=2 hl=2 l= 23 cons: cont [ 0 ] 18:d=3 hl=2 l= 21 prim: UTF8STRING Yes, it can probably be parsed by any ASN.1 parser. But the OID is private - only the organization knows how to interpret it (or what to do with it). :��IϮ��r�m (Z+�K�+1���x��h[�z�(Z+���f�y���f���h��)z{,���
Re: PHP openssl_x509_parse extensions=subjectAltName
Yes, it can probably be parsed by any ASN.1 parser. But the OID is private - only the organization knows how to interpret it (or what to do with it). private/public in this context refers to governance/ownership not to visibility. if the organisation documents the any interested party can interpret it. 311 is one of microsoft's OID branches smart cad login with UPN is documented at least in http://support.microsoft.com/kb/281245 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
PHP openssl_x509_parse extensions=subjectAltName
[?php] $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']); $subjectAltName = $x509['extensions']['subjectAltName']; [/?php] When parsing a x509 certificate and ['extensions']['subjectAltName'] contains a newline or space as shown below: othername: Princpal name=t...@test.com The value in this case Princpal name=t...@test.com will not be shown. $subjectAltName as shown in the code will display othername:, and only that. Expected result: echo $subjectAltName; // Should print othername: Princpal name=t...@test.com Is this a bug or ignorance on my part ? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PHP openssl_x509_parse extensions=subjectAltName
Can you post the certificate in question? I'm a bit curious as to how phpseclib's File_X509 would parse it. eg. [?php] include('File/X509.php'); $x509 = new File_X509(); print_r$x509-loadX509($_SERVER['SSL_CLIENT_CERT'])); [/?php] On Tue, May 8, 2012 at 7:01 AM, Johansen Daniel daniel.johan...@evry.com wrote: [?php] $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']); $subjectAltName = $x509['extensions']['subjectAltName']; [/?php] When parsing a x509 certificate and ['extensions']['subjectAltName'] contains a newline or space as shown below: othername: Princpal name=t...@test.com The value in this case Princpal name=t...@test.com will not be shown. $subjectAltName as shown in the code will display othername:, and only that. Expected result: echo $subjectAltName; // Should print othername: Princpal name=t...@test.com Is this a bug or ignorance on my part ? __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PHP openssl_x509_parse extensions=subjectAltName
Certificate: -BEGIN CERTIFICATE- MIIGojCCBIqgAwIBAgIKHnnv5gABGDANBgkqhkiG9w0BAQUFADBdMQswCQYD VQQGEwJOTzEZMBcGA1UEChMQQ2FyZCBTZXJ2aWNlcyBBUzEzMDEGA1UEAxMqQ2Fy ZCBTZXJ2aWNlcyBBUyBPZmZpY2UgTmV0d29yayBJc3N1aW5nIENBMB4XDTEyMDUw ODEzMjcxMVoXDTEzMDUwODEzMjcwOFowaDEZMBcGCgmSJomT8ixkARkWCUtPTlRP UkxBTjETMBEGCgmSJomT8ixkARkWA1RBRzESMBAGCgmSJomT8ixkARkWAk5PMRIw EAYDVQQDEwlUZXN0IFVzZXIxDjAMBgNVBAMTBVVzZXJzMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQCsyZuf2vf3XgGlpG4AkB8IsmiojRLNVgfP65zLMfRyivrb 4BBXOwxg1E1rZ4WWemiGP/H8KRCjPAISW6/AjixujexHz63OgpB44jYJ+fOhqxr/ sAMyNXgbcIbC9ar2ZBlzNTNwuoXmcU+VzOCKD8d2US3UGKRIO3LlIfeBQrzUwQID AQABo4IC2zCCAtcwCwYDVR0PBAQDAgWgMB0GA1UdDgQWBBT7C//fKrl8CQLNAWV5 sH3iz0sndzAfBgNVHSMEGDAWgBSvF/J6mmW0u9nqsNb/PS3lHfBg9TCB2gYDVR0f BIHSMIHPMIHMoIHJoIHGhmFodHRwOi8vY2RwMS5jYXJkc2VydmljZXMubm8vY2Vy dGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdvcmsl MjBJc3N1aW5nJTIwQ0EuY3JshmFodHRwOi8vY2RwMi5jYXJkc2VydmljZXMubm8v Y2VydGVucm9sbC9DYXJkJTIwU2VydmljZXMlMjBBUyUyME9mZmljZSUyME5ldHdv cmslMjBJc3N1aW5nJTIwQ0EuY3JsMIHuBggrBgEFBQcBAQSB4TCB3jBtBggrBgEF BQcwAoZhaHR0cDovL2NkcDEuY2FyZHNlcnZpY2VzLm5vL2NlcnRlbnJvbGwvQ2Fy ZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3b3JrJTIwSXNzdWluZyUy MENBLmNydDBtBggrBgEFBQcwAoZhaHR0cDovL2NkcDIuY2FyZHNlcnZpY2VzLm5v L2NlcnRlbnJvbGwvQ2FyZCUyMFNlcnZpY2VzJTIwQVMlMjBPZmZpY2UlMjBOZXR3 b3JrJTIwSXNzdWluZyUyMENBLmNydDA8BgkrBgEEAYI3FQcELzAtBiUrBgEEAYI3 FQiCydAjheyUSbGZA4LhqDyDyvcrB4LjsHSHz+pYAgFkAgECMB8GA1UdJQQYMBYG CisGAQQBgjcUAgIGCCsGAQUFBwMCMCkGCSsGAQQBgjcVCgQcMBowDAYKKwYBBAGC NxQCAjAKBggrBgEFBQcDAjAwBgNVHREEKTAnoCUGCisGAQQBgjcUAgOgFwwVdGV1 c0BLT05UT1JMQU4uVEFHLk5PMA0GCSqGSIb3DQEBBQUAA4ICAQCLI8HZO7W9YCh5 ld2cms7WYRXaFHQRi8nrNib2n+XsKa20CeXEpvDhrWbDJhPq7qrLqgITmCE5gXqh y1LzYyLCKQFZbRPCE4BEI0zd8ZanjP3BOGMWpe9rqkqqvyvhCb/4ienZNSnFjfZm zhE4gEkIUDK1nUggxG/HkwkvZh5FBi+tQGofwNfNh3BgOVetOg6o9uFBjvpLoMNH gyhyQm+J40q1y6wERfY0vB/RSVxKyCK9Q6ksl/rjfOOWna9xrV68TLvgElQARCJJ +NEcdLm3fWleBP6115XFTMMAS+FgppBUvNU38WtLdg3NkWletU1weSmHUdA01Y6h i1c86PFywH7jplFkPYgcpKCLgf4VNwksMp0KzrZzZoXtO6doMMQxV9nJTdVycLnU Z6osCV0t5q+2wC83LY+guPhJCXKoru9Do4C/8C2dBFlvzrnHkfMqEJ842Gk83TS+ nQjtgicG9qF+w4xwwF0DDsHXIoneCcToGYvLVwMZgLIEZe/qIuZfk2PWJxYcscRT weF7Q+ie8enS2GRkjHENwc0CjzFQsylqEief0faGf7ALgp/Jv+OUx2UT8mYA9zhq IIDKlTIFP/W+C8jmmF0Gb66vyUS2FBVrZqrbi6s1hlrPyfitu39Efsj9MVaTlk+e MECGZrbCHKff9zICH61TvwGu6F73tg== -END CERTIFICATE- Vennlig hilsen Daniel Bjørnådal Johansen IT Konsulent, ITO Card Services daniel.johan...@evry.com T +47 75 12 81 61 M +47 909 15 267 -Opprinnelig melding- Fra: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] På vegne av Thomas Anderson Sendt: 8. mai 2012 14:49 Til: openssl-users@openssl.org Emne: Re: PHP openssl_x509_parse extensions=subjectAltName Can you post the certificate in question? I'm a bit curious as to how phpseclib's File_X509 would parse it. eg. [?php] include('File/X509.php'); $x509 = new File_X509(); print_r$x509-loadX509($_SERVER['SSL_CLIENT_CERT'])); [/?php] On Tue, May 8, 2012 at 7:01 AM, Johansen Daniel daniel.johan...@evry.com wrote: [?php] $x509 = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']); $subjectAltName = $x509['extensions']['subjectAltName']; [/?php] When parsing a x509 certificate and ['extensions']['subjectAltName'] contains a newline or space as shown below: othername: Princpal name=t...@test.com The value in this case Princpal name=t...@test.com will not be shown. $subjectAltName as shown in the code will display othername:, and only that. Expected result: echo $subjectAltName; // Should print othername: Princpal name=t...@test.com Is this a bug or ignorance on my part ? __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org