From: Tomas G. <to...@pr...> - 2010-01-26 06:31:30
|
Interesting to hear about this standard. Glad that it works for you. Feel free to contact PrimeKey if you need assistance in the future. Cheers, Tomas On 01/26/2010 03:27 AM, dubutianya wrote: > Sorry, I mean the DNQ's value is a base64(sha1(publickey)) string in our > case. > > As for "Do you have any standard that says if must be > base64(sha1(publickey))?", see "certificate" part in "DCI( Digital Cinema > Initiatives) specification", if you have interest in it . > > I tried your method 2 and my problem had been resolved > > Thanks Tomas .Very thanks. > > > > > Tomas Gustavsson wrote: > >> >> What do you mean by "not a common field"? It is specified as an X.520 >> attribute. >> >> See for example >> http://www.imc.org/ietf-pkix/old-archive-99/msg02900.html >> for a discussion about the value. >> >> Do you have any standard that says if must be base64(sha1(publickey))? >> >> In EJBCA you can put whatever you want in the dn qualifier (as long as >> it is a PrintableString as the spec says). >> >> Using the base64 encoding does not seem completely suitable. There is no >> automatic support for using the publicKey in the dn qualifier in EJBCA, >> but you can accomplish it using different methods. >> 1. Edit user before issuing the certificate, giving the value you want >> 2. Use "overrride subject DN" and create certificate requests with the >> dn qualifier that you desire. >> 3. Probably something else that I can't think of right now... >> >> Cheers, >> Tomas >> ----- >> >> PrimeKey Solutions offers a commercial EJBCA support subscription and >> training for EJBCA. Please see www.primekey.se or contact in...@pr... >> for more information. >> http://www.primekey.se/Services/Support/ >> http://www.primekey.se/Services/Training/ >> >> >> On 01/25/2010 08:22 AM, dubutianya wrote: >> >>> But the "DNQ" is not a common field, >>> >>> it is a special string. like: base64(sha1(publickey)) >>> >>> So, i can't get the publicKey at the moment, and i can't get the "DNQ" >>> value. >>> >>> I'm sorry about my poor English :< >>> >>> >>> >>> >>> >>> Tomas Gustavsson wrote: >>> >>> >>>> Use DN, like: >>>> cn=foo,dn=qualf,c=se >>>> >>>> Cheers, >>>> Tomas >>>> ----- >>>> >>>> PrimeKey Solutions offers a commercial EJBCA support subscription and >>>> training for EJBCA. Please see www.primekey.se or contact >>>> in...@pr... >>>> for more information. >>>> http://www.primekey.se/Services/Support/ >>>> http://www.primekey.se/Services/Training/ >>>> >>>> >>>> On 01/25/2010 06:15 AM, dubutianya wrote: >>>> >>>> >>>>> Hi all seniors, My ejbca version is 3.4.3. >>>>> >>>>> As this message title, when i create a "ROOTCA"(Self Signed) and enter >>>>> the >>>>> "Subject DN" like this "CN=**,O=**,C=**",how can i get the "DNQ" and >>>>> enter >>>>> it? >>>>> >>>>> Thanks ! >>>>> >>>>> >>>>> >>>> ------------------------------------------------------------------------------ >>>> Throughout its 18-year history, RSA Conference consistently attracts the >>>> world's best and brightest in the field, creating opportunities for >>>> Conference >>>> attendees to learn about information security's most important issues >>>> through >>>> interactions with peers, luminaries and emerging and established >>>> companies. >>>> http://p.sf.net/sfu/rsaconf-dev2dev >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejb...@li... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>>> >>>> >>>> >>> >>> >> >> ------------------------------------------------------------------------------ >> Throughout its 18-year history, RSA Conference consistently attracts the >> world's best and brightest in the field, creating opportunities for >> Conference >> attendees to learn about information security's most important issues >> through >> interactions with peers, luminaries and emerging and established >> companies. >> http://p.sf.net/sfu/rsaconf-dev2dev >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> >> > |