client certs with no subjectName only SAN

Erwann Abalea Erwann.Abalea at
Fri Aug 16 16:34:00 UTC 2019


Having a critical extension adds 3 octets (the BOOLEAN tag, length=1, value=0xff). It may, as a side effect, enlarge the number of octets necessary to encode some structure size.

Remove the 2 Netscape extensions, they're way obsolete (don't know why OpenSSL keeps them by default).

If size is a hard constraint:
 - you can probably remove the emailProtection EKU (it's an OID, you'll gain 10 octets). Depending on your use-case, you may need to tweak the EKU (or remove it completely).
 - SKI and AKI extensions may not be necessary
 - Key Usage may be marked as non critical (it's a SHOULD in PKIX)

A quick reading of RFC8002 tells me that you may need to include the IssuerAltName extension as well?

Erwann Abalea

Le 16/08/2019 17:11, « openssl-users au nom de Robert Moskowitz » <openssl-users-bounces at au nom de rgm at> a écrit :

    On 8/16/19 8:41 AM, Viktor Dukhovni wrote:
    >> On Aug 16, 2019, at 6:13 AM, Salz, Rich via openssl-users <openssl-users at> wrote:
    >> subjectAltName is rarely marked as critical; sec of PKIX says "SHOULD mark subjectAltName as non-critical"
    > This is wrong.  When the subject DN is empty, the subjectAltName should be
    > marked as critical.  IIRC some Java implementations reject the certificate
    > otherwise.
    I have just created a client cert with empty subjectName and critical 
    subjectAltName.  Interestingly, it is 4 bytes larger than the earlier 
    non-critical SAN cert.  See below for the output of the cert.
    >> I can believe that OpenSSL doesn't support empty subjectName's.  An empty one, with no relative disintuished name components, is not the same as not present.
    > OpenSSL supports empty (empty RDN sequence) subject DNs.
    > The "-subj /" option is one way to make that happen.
    > Empty is of course different from "absent", which is not
    > possible, since the subject DN is a required component of
    > an X.509 certificate.
    I now have it clear that Empty SN is NOT a cert with NO SN.  It is there 
    with null content.
    Thank you all.
    $ openssl x509 -noout -text -in $dir/certs/device2.cert.pem
             Version: 3 (0x2)
             Serial Number:
             Signature Algorithm: ED25519
             Issuer: CN = 2001:24:28:14::/64
                 Not Before: Aug 16 14:54:58 2019 GMT
                 Not After : Aug 25 14:54:58 2020 GMT
             Subject Public Key Info:
                 Public Key Algorithm: ED25519
                     ED25519 Public-Key:
             X509v3 extensions:
                 X509v3 Basic Constraints:
                 Netscape Cert Type:
                     SSL Client, S/MIME
                 Netscape Comment:
                     OpenSSL Generated Client Certificate
                 X509v3 Subject Key Identifier:
                 X509v3 Authority Key Identifier:
                 X509v3 Key Usage: critical
                     Digital Signature, Non Repudiation, Key Encipherment
                 X509v3 Extended Key Usage:
                     TLS Web Client Authentication, E-mail Protection
                 X509v3 Subject Alternative Name: critical
                     IP Address:2001:24:28:14:2B6E:2C43:A2D8:507C
         Signature Algorithm: ED25519

More information about the openssl-users mailing list