802.1AR certificate generation and the config file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Now that I can build a generic PKI with EDDSA, the next step is to add creation of 802.1AR iDevID certificates. I am using the current draft, sec 8, 802.1ARce-d2-2, but for this purpose it is essentially the same (but clearer written) as sec 7, 802.1AR-2009.

I start with making the following section in my openssl.cnf file:

[ 8021AR_idevid ]
# Extensions for IEEE 802.1AR iDevID certificates (`man ????`).
basicConstraints = CA:FALSE
# subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment

Note that clause 7.6 says:

"The Subject Key Identifier extension should not be included in DevID certificates."

The clause goes on to state that Subject Key Identifier IS included in CA certificates for certificate path building.

My challenge comes to subjectAltName and its subfield hardwareModuleName per RFC 4108. I guess I am not 'getting' the subjectAltName section of 'man x509v3_config'.

Any help greatly appreciated.


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux