Setting Issuer Alternative Name
Viktor Dukhovni
openssl-users at dukhovni.org
Thu May 11 16:33:13 UTC 2023
On Thu, May 11, 2023 at 11:26:25AM -0400, Robert Moskowitz wrote:
> In rfc5280:
>
> IssuerAltName ::= GeneralNames
>
> GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
>
> GeneralName ::= CHOICE {
> otherName [0] OtherName,
> rfc822Name [1] IA5String,
> dNSName [2] IA5String,
> x400Address [3] ORAddress,
> directoryName [4] Name,
> ediPartyName [5] EDIPartyName,
> uniformResourceIdentifier [6] IA5String,
> iPAddress [7] OCTET STRING,
> registeredID [8] OBJECT IDENTIFIER }
>
> So since I want a DET as IssuerAltName (e.g.
> 20010030000000052aeb9adc1ce8b1ecO), it seems that iPAddress is the only
> thing that works. So in the config file, I tried:
No, you would use "otherName", which is a combination of an OID and
corresponding data. You would register (if there isn't one already) a
suitable OID for DET-values, and choose a suitable DET encoding to go
with that OID.
--
Viktor.
More information about the openssl-users
mailing list