[openssl-users] How to add CT Precertificate SCTs to a server certificate?
Viktor Dukhovni
openssl-users at dukhovni.org
Mon Apr 20 15:51:58 UTC 2015
On Mon, Apr 20, 2015 at 01:57:47PM +0000, Salz, Rich wrote:
> > How do we use `openssl req` and a CONF file to add the information
> > (assuming we already have the certified timestamps)?
>
> Ouch, that's gonna be nasty. Look at ASN1_generate_nconf.pod. Most likely have to use the SEQUENCE type, recursively. Ouch indeed.
>
> A patch to let you specify the DER directly would be useful.
No patch required:
http://web.mit.edu/crypto/openssl.cnf
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
--
Viktor.
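
An added example, not part of the message above or of OpenSSL: one way to produce the `obj=DER:...` line for an embedded SCT list from SCTs you already hold. It assumes the extension OID 1.3.6.1.4.1.11129.2.4.2 and the OCTET STRING wrapping of the TLS-encoded list from RFC 6962 section 3.3; the function names and sample bytes are hypothetical.

```python
# Added example: build the "obj=DER:.." openssl.cnf line for an SCT list.
SCT_LIST_OID = "1.3.6.1.4.1.11129.2.4.2"  # embedded SCT list (RFC 6962, 3.3)


def der_length(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def sct_list(scts):
    """TLS-encode SignedCertificateTimestampList.

    Each serialized SCT gets a 2-byte length prefix, and the whole list
    gets another 2-byte length prefix.
    """
    items = b""
    for sct in scts:
        if not 1 <= len(sct) <= 0xFFFF:
            raise ValueError("each serialized SCT must be 1..65535 bytes")
        items += len(sct).to_bytes(2, "big") + sct
    if not 1 <= len(items) <= 0xFFFF:
        raise ValueError("SCT list must be 1..65535 bytes")
    return len(items).to_bytes(2, "big") + items


def conf_line(scts, oid=SCT_LIST_OID):
    """Return 'oid=DER:..': a DER OCTET STRING wrapping the TLS-encoded list."""
    payload = sct_list(scts)
    der = b"\x04" + der_length(len(payload)) + payload
    return oid + "=DER:" + ":".join("%02X" % b for b in der)


if __name__ == "__main__":
    # Constructed placeholder, NOT a real SCT: version, 32-byte log id,
    # 8-byte timestamp (ms), empty extensions, then a dummy signature field.
    fake_sct = (b"\x00" + bytes(32) + (1429545118000).to_bytes(8, "big")
                + b"\x00\x00" + b"\x04\x03\x00\x02\xAA\xBB")
    print(conf_line([fake_sct]))
```

The printed line goes in the extensions section of the config file, in the same place as the `obj=DER:02:03` form quoted above.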