Ok I can get x509 to accept the extension now,
something like this
extensions = extend
[extend]
#basicConstraints = critical,CA:true
1.3.6.1.4.1..1002 =
DER:06:09:2B:06:01:04:01:D6:1F:87:6A
openssl x509 -in test.crt -text -noout
X509v3 extensions:
1.3.6.1.4.1..1002:
On Fri, Nov 12, 2004, ray v wrote:
Ok I can get x509 to accept the extension now,
something like this
extensions = extend
[extend]
#basicConstraints = critical,CA:true
1.3.6.1.4.1..1002 =
DER:06:09:2B:06:01:04:01:D6:1F:87:6A
openssl x509 -in test.crt -text -noout
X509v3
First of all let me apologize for the red herring of
suggesting using command line options. I keep re-
running into the man req section on -subj while
forgetting that without the private key this is not
useful for changing the subject name in a CSR.
If you haven't already stumbled onto this you
On Thu, Nov 11, 2004, Charles Cranston wrote:
First of all let me apologize for the red herring of
suggesting using command line options. I keep re-
running into the man req section on -subj while
forgetting that without the private key this is not
useful for changing the subject name in a
I wish to add something like
1.3.6.1.4.1..1 to the Distinguished name
something like...
CN=Me,O=FOO,OU=Bar,1.3.6.1.4.1..1=stuff
What's the best way to do this when you need to
specify the -extfile option? Or is it really necessary
to use the -extfile ?
Yes, understood, but in this case someone will send a
certificate request via e-mail, I will not be involved
in making it. I will fill/sign that request and send
it back. The request will come with the standard
information tucked away in the DN.
I need to add information to the DN, something I
OK, the problem you will run into is that the Certificate
Signing Request (CSR) is a DN and Public Key combination
that is signed by the private key. Since this is done by
your client, you will not have access to the private key.
The OpenSSL software, as written, uses this signing as
proof that
