custom name attributes not sent with certificate

On 06/02/2015 00:21, Florence, Jacques wrote:
>
> I created a client certificate with custom name attributes:
>
> In the openssl.cnf file, I added under section [ new_oids ] the line: 
> myattribute=1.2.3.4
>
> And under [ req_distinguished_name ] I added the line: myattribute = hello
>
> If I use the openssl tool x509, I see that my new attribute appears in 
> the name, after the email address.
>
> However, when the certificate is sent to the server, the server cannot 
> read this attribute.
>
> I used wireshark and saw that my custom attribute is not sent with 
> the rest of the name.
>
> Why is that?
>
>
Are you sure this is what is really happening?

If any byte in the signed part of the certificate (and this
most certainly includes the name) is changed, the certificate
should completely fail to verify.

So are you sure the name isn't sent?  Maybe it is just the
utility you use to display the sent certificate which fails
to display unknown name components.

P.S.

I presume that for any real use, you would use an officially
allocated OID to avoid clashing with what other people use.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
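
Added example, not part of the original message and not OpenSSL code: a minimal DER walk over a certificate Name that lists every attribute by dotted OID, as a way to check the point raised in the reply, that a viewer without a label for 1.2.3.4 can omit a component that is still present in the bytes. The sample Name, the `KNOWN` label table and the function names are constructed for illustration.

```python
# Constructed sample: DER Name for CN=client, emailAddress=j@example.org, 1.2.3.4=hello
SAMPLE_NAME = bytes.fromhex(
    "303f310f300d06035504030c06636c69656e74"
    "311c301a06092a864886f70d010901160d6a406578616d706c652e6f7267"
    "310e300c06032a03040c0568656c6c6f")
# Assumed label table of a display tool; 1.2.3.4 is deliberately missing.
KNOWN = {"2.5.4.3": "CN", "1.2.840.113549.1.9.1": "emailAddress"}

def children(buf):
    """Yield (tag, value) for each DER element packed back to back in buf."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated DER header")
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits count the length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if pos + length > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[pos:pos + length]
        pos += length

def decode_oid(body):
    """Turn OID content bytes into dotted form (base-128 arcs, first two packed)."""
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends the arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def name_attributes(der_name):
    """List every (dotted_oid, text) pair in a DER Name, labelled or not."""
    [(tag, rdns)] = children(der_name)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found = []
    for _, rdn in children(rdns):          # each RDN is a SET
        for _, atv in children(rdn):       # SEQUENCE { OID, value }
            (_, oid), (_, val) = children(atv)
            found.append((decode_oid(oid), val.decode("utf-8", "replace")))
    return found

def render(attrs, show_unknown):
    """show_unknown=False mimics a viewer that drops OIDs it has no label for."""
    return ", ".join(f"{KNOWN.get(oid, oid)}={val}" for oid, val in attrs
                     if show_unknown or oid in KNOWN)
```

With `attrs = name_attributes(SAMPLE_NAME)`, `render(attrs, False)` gives `CN=client, emailAddress=j@example.org` and `render(attrs, True)` gives the same string followed by `1.2.3.4=hello`, both from identical bytes.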


