[openssl-users] OpenSSL LogoType extension ASN1 encoding

Valentin Bud valentin.bud at gmail.com
Sun Jan 18 10:13:08 UTC 2015

Hello everyone,

I am trying to add the logotype extension to certificates under
a private CA I am taking care of. The CA is built using OpenVPN's
Easy-RSA 3 tool, though I think that doesn't matter in this

I have some questions regarding this matter. Before digging into
details I will tell you the problem I want to solve. I have multiple
different logos.

Searching the Internet I have found an E-Mail from November 2010 [1].
Based on that information I have reached to the following snippet
of configuration:

cat ./exts

# Logos              = ASN1:SEQUENCE:logotype_ext




capabilityID = OID:sha1
parameter = NULL

I receive the following error when I try to issue a certificate using
The same when I use the easyrsa wrapper script.

$ openssl ca -in 10.req -out 10.crt -config openssl-1.0.cnf -extfile exts
-days 3650 -batch

Using configuration from openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'DE'
organizationName      :ASN.1 12:'10'
organizationalUnitName:ASN.1 12:'Cortex AG Trust Network'
organizationalUnitName:ASN.1 12:'(c) Cortex AG - For authorized use only!'
commonName            :ASN.1 12:'Cortex AG Root Certification Authority'
ERROR: adding extensions in section default
6987:error:22074074:X509 V3 routines:V3_GENERIC_EXTENSION:extension value

I have tried changing SEQWRAP with SEQUENCE and also variations I have
found in [1]. None of them worked.

Can someone please tell me what am I doing wrong. Also I have a couple of
logos I want to add to the certificate. How would I encode that in

[1]: http://openssl.6102.n7.nabble.com/Logotype-encoding-td15882.html

Thank you,
Valentin Bud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150118/aa2c1feb/attachment-0001.html>

More information about the openssl-users mailing list