Re: 802.1AR certificate generation and the config file

On Fri, Aug 11, 2017, Robert Moskowitz wrote:

> Frustrated...
> 
> On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
> >>My challenge comes to subjectAltName and its subfield
> >>hardwareModuleName
> >>per RFC 4108.   I guess I am not 'getting' the subjectAltName section of
> >>'man x509v3_config'.
> >Not all forms of SAN names are supported.  If you look in include/openssl/x509v3.h you see the following:
> ># define GEN_OTHERNAME   0
> ># define GEN_EMAIL       1
> ># define GEN_DNS         2
> ># define GEN_X400        3
> ># define GEN_DIRNAME     4
> ># define GEN_EDIPARTY    5
> ># define GEN_URI         6
> ># define GEN_IPADD       7
> ># define GEN_RID         8
> 
> I just spent over an hour googling around as well as reading openssl
> docs to get a list of distinguished_name fields.  Both in their full
> form and abbreviated form.  All I find are the common ones in
> examples.
> 
> And for the list above for SAN, how are they presented in the
> openssl cli/config.  Again, just not finding it.
> 
> My search foo is weak.
> 
> pointers greatly appreciated.
> 

You can use the mini-ASN.1 compiler with the otherName syntax. This will
create the extension in the appropriate form but you won't get it displayed.

In outline it's like this:

----
# Use id-on-hardwareModuleName OID with otherName
subjectAltName = otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname

[hmodname]
hwType = OID:1.2.3.4 # Whatever OID you want.
hwSerialNum = FORMAT:HEX,OCT:01020304 # Some hex
----

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
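
Added example (not part of the original message or of OpenSSL itself): because the extension is not pretty-printed, one way to confirm the otherName from the outline above was really encoded is to search the DER certificate for its expected bytes. The function names, the CN, the file names and the RSA-2048 throwaway key are assumptions made for this sketch; the hwType OID and serial bytes are the placeholders from the message.

```shell
# Expected DER of the otherName GeneralName, as lowercase hex:
#   a019                    [0] otherName, 25 bytes
#     06082b06010505070804  type-id 1.3.6.1.5.5.7.8.4 (id-on-hardwareModuleName)
#     a00d                  [0] EXPLICIT value
#       300b                HardwareModuleName SEQUENCE
#         06032a0304        hwType 1.2.3.4 (placeholder OID from the message)
#         040401020304      hwSerialNum 01020304 (placeholder from the message)
HMN_DER=a01906082b06010505070804a00d300b06032a0304040401020304

# make_hmn_cert DIR: write hmn.cnf, key.pem and a self-signed cert.der into DIR.
make_hmn_cert() {
    cat > "$1/hmn.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no

[dn]
CN = constructed-test-device

[v3]
subjectAltName = otherName:1.3.6.1.5.5.7.8.4;SEQ:hmodname

[hmodname]
hwType = OID:1.2.3.4
hwSerialNum = FORMAT:HEX,OCT:01020304
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -config "$1/hmn.cnf" -keyout "$1/key.pem" \
        -outform DER -out "$1/cert.der"
}

# has_hmn FILE: succeed only if FILE contains the encoded otherName bytes.
has_hmn() {
    od -An -v -tx1 "$1" | tr -d ' \n' | grep -q "$HMN_DER"
}

# Usage:
#   d=$(mktemp -d) && make_hmn_cert "$d" && has_hmn "$d/cert.der" && echo present
```

To inspect the structure by eye, run `openssl asn1parse -inform DER -in cert.der` and use `-strparse` with the offset of the subjectAltName OCTET STRING.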


