Menu
▾
▴
Re: [Ejbca-develop] Domain Controller cert req format?
|
From: Gémes G. <ge...@kz...> - 2013-05-05 18:00:37
|
Hi, Another question about the request: are the Requested Extensions important, or are they added to the cert by EJBCA regardless if the certificate profile is domain controller? I ask that because still couldn't figure out how to add both DNS and otherName as SubjectAltname programaticaly (with m2crypto) (the first always wins). Cheers, Geza Gemes > Hi, > > This sounds awesome! If you get it working we will really like an > updated guide for that. > > Attributes in the certificate request should not be needed. EJBCA by > default uses the information registered when you create the end entity > in EJBCA, and ignores the user supplied attributes in the request (they > may be dangerous, the user probably knows nothing about PKI). > > The certificate request is fully valid without any extra attributes. > > Cheers, > Tomas > > On 05/01/2013 07:49 PM, Gémes Géza wrote: >> Hi, >> >> I'm working on an addendum to the smart card logon howto >> (http://download.primekey.se/ejbca/smartcardlogon/) in order to make an >> equivalent (the Windows dc part) for a Samba Active Directory DC. As >> samba already has python interfaces I've decided to try to code the >> whole in python. As the ssl library I've choose M2Crypto. The attached >> python script produces a similar request (attached) as the vbscript >> attached to the howto, but it misses to add any attributes. The question >> is are they needed, is the certificate request valid without? >> >> Cheers >> >> Geza Gemes >> >> >> ------------------------------------------------------------------------------ >> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET >> Get 100% visibility into your production application - at no cost. >> Code-level diagnostics for performance bottlenecks with <2% overhead >> Download for free and get started troubleshooting in minutes. >> http://p.sf.net/sfu/appdyn_d2d_ap1 >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > ------------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |