Re: An example issuing an intermediate CA with policy mappings?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Sep 25, 2018, at 14:34, Krehbiel, Richard <rkrehbiel@xxxxxxxxxx> wrote:
> 
> For my testing I want to explore the behaviors of policies, policy constraints, and policy mappings.  I have figured out how to request and issue certs with custom policy OIDs, but I haven't yet seen a method of granting an intermediate cert with policy mappings.   Can openssl do this?  How?  Thanks.

Yes, I've used "openssl ca" to make certs with policy mappings in the past.  Try something like this in your openssl.cnf, for use with "openssl ca -extensions test_ext" for example.  (I haven't tested with these exact values, but it should be a starting point.)

[openssl_init]
oid_section = new_oids
...

[new_oids]
issuerOID = Issuer Domain Policy, 1.2.3.4.5
subjectOID = Subject Domain Policy, 1.3.5.7.9
...

[test_ext]
policyMappings = @policy_mappings
...

[policy_mappings]
issuerOID = subjectOID

And if you want to map more than one subject domain policy OID to the same issuer domain policy OID, you can use issuerOID.0, issuerOID.1, issuerOID.2, etc, to differentiate them in the policy_mappings section.

Good luck,
  -Dave

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux