[openssl-users] Certificate template information
Jakob Bohm
jb-openssl at wisemo.com
Tue Apr 28 03:17:17 UTC 2015
On 28/04/2015 02:59, Salz, Rich wrote:
>> I have need to identify a Microsoft generated certificate's template name, I believe as part of oid 1.3.6.1.4.1.311.21.7
> Where, in a cert OtherName field?
It is an extension. Microsoft certificate server (their
bundled CA software) puts the name of the "certificate
template" (analogous to an openssl.cnf section) in a
certificate extension, and a few other Microsoft tools
unfortunately check this name in addition to more
relevant conditions such as EKU values etc.
The form I know of can be implemented as follows in
openssl.cnf (in the [sometemplatename_cert] section of
the file):
# enrollCerttypeExtension (1 3 6 1 4 1 311 20 2)
# OCTET STRING, encapsulates {
# BMPString 'SomeTemplateName'
# }
# }
1.3.6.1.4.1.311.20.2 = ASN1:BMP:SomeTemplateName
I am not sure about the 1.3.6.1.4.1.311.21.7 OID, but it
might be similar.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list