[openssl-users] 802.1AR certificate generation and the config file

Robert Moskowitz rgm at htt-consult.com
Fri Aug 11 15:23:25 UTC 2017

Thanks for the response, Rich.

On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
>> My challenge comes to subjectAltName and its subfield
>> hardwareModuleName
>> per RFC 4108.   I guess I am not 'getting' the subjectAltName section of
>> 'man x509v3_config'.
> Not all forms of SAN names are supported.  If you look in include/openssl/x509v3.h you see the following:
> # define GEN_OTHERNAME   0
> # define GEN_EMAIL       1
> # define GEN_DNS         2
> # define GEN_X400        3
> # define GEN_DIRNAME     4
> # define GEN_EDIPARTY    5
> # define GEN_URI         6
> # define GEN_IPADD       7
> # define GEN_RID         8
> crypto/x509v3/v3_alt.c you can find details and corner-case information.
A couple things.  As we have discussed directly, I am not a coder; 
haven't coded since working with 'B' on Honeywells in the mid-80s. So 
looking at 'C' code is a bit of a struggle.  That said,

Given these supported names, what goes into the config file to create a 
SAN without having to specify it on the command line?

And further it seems you are saying there is no support for HMN at all.

More information about the openssl-users mailing list