Adding subjectAltName:OtherName in cert request
Manish Patidar
mann.patidar at gmail.com
Tue May 21 19:24:36 UTC 2024
Hi,
I need to add the following in the certificate request.
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
subjectAltName = GeneralNames
otherName [0] OtherName
OtherName ::= Sequence {
Id-on-hardwareModuleName OBJECT IDENTIFIER ::= iso(1)
identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) on(8) 4
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER
hwSerialNum OCTET STRING
}
}
I able to generate the certificate required using openSSl cmd line with
conf where following was added in config file
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
*subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname*
*[hmodname]*
*hwType = OID:1.3.6.1.4.1.47196.6.3.2.2*
*hwSerialNum = FORMAT:HEX,OCT:01020304 *
I need to do add subject alt name in certificate request using openSSL
API.( not using config file)
I have tried to use GENERAL_NAME_set0_othername , but I am not able to add
an inner sequence.
Can someone suggest how we can add this using OpenSSL APIs
Regards
Manish
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20240522/ca4d9896/attachment.htm>
More information about the openssl-users
mailing list