Menu
▾
▴
Re: [Ejbca-develop] Domain Controller cert req format?
|
From: Tomas G. <to...@pr...> - 2013-05-06 06:46:35
|
The extensions are added by EJBCA, from the certificate profile configured in EJBCA. By default the extensions (potentially harmful) in the request are ignored. Cheers, Tomas "Gémes Géza" <ge...@kz...> skrev: >Hi, > >Another question about the request: are the Requested Extensions >important, or are they added to the cert by EJBCA regardless if the >certificate profile is domain controller? I ask that because still >couldn't figure out how to add both DNS and otherName as SubjectAltname > >programaticaly (with m2crypto) (the first always wins). > >Cheers, > >Geza Gemes >> Hi, >> >> This sounds awesome! If you get it working we will really like an >> updated guide for that. >> >> Attributes in the certificate request should not be needed. EJBCA by >> default uses the information registered when you create the end >entity >> in EJBCA, and ignores the user supplied attributes in the request >(they >> may be dangerous, the user probably knows nothing about PKI). >> >> The certificate request is fully valid without any extra attributes. >> >> Cheers, >> Tomas >> >> On 05/01/2013 07:49 PM, Gémes Géza wrote: >>> Hi, >>> >>> I'm working on an addendum to the smart card logon howto >>> (http://download.primekey.se/ejbca/smartcardlogon/) in order to make >an >>> equivalent (the Windows dc part) for a Samba Active Directory DC. As >>> samba already has python interfaces I've decided to try to code the >>> whole in python. As the ssl library I've choose M2Crypto. The >attached >>> python script produces a similar request (attached) as the vbscript >>> attached to the howto, but it misses to add any attributes. The >question >>> is are they needed, is the certificate request valid without? >>> >>> Cheers >>> >>> Geza Gemes >>> >>> >>> >------------------------------------------------------------------------------ >>> Introducing AppDynamics Lite, a free troubleshooting tool for >Java/.NET >>> Get 100% visibility into your production application - at no cost. >>> Code-level diagnostics for performance bottlenecks with <2% overhead >>> Download for free and get started troubleshooting in minutes. >>> http://p.sf.net/sfu/appdyn_d2d_ap1 >>> >>> >>> >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >> >------------------------------------------------------------------------------ >> Introducing AppDynamics Lite, a free troubleshooting tool for >Java/.NET >> Get 100% visibility into your production application - at no cost. >> Code-level diagnostics for performance bottlenecks with <2% overhead >> Download for free and get started troubleshooting in minutes. >> http://p.sf.net/sfu/appdyn_d2d_ap1 >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > >------------------------------------------------------------------------------ >Get 100% visibility into Java/.NET code with AppDynamics Lite >It's a free troubleshooting tool designed for production >Get down to code-level detail for bottlenecks, with <2% overhead. >Download for free and get started troubleshooting in minutes. >http://p.sf.net/sfu/appdyn_d2d_ap2 >_______________________________________________ >Ejbca-develop mailing list >Ejb...@li... >https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
