Menu
▾
▴
Re: [Ejbca-develop] Domain Controller cert req format?
|
From: Gémes G. <ge...@kz...> - 2013-05-06 07:23:55
|
Thank you! That means I can finish the request part today! Cheers Geza Gemes > The extensions are added by EJBCA, from the certificate profile > configured in EJBCA. By default the extensions (potentially harmful) > in the request are ignored. > > Cheers, > Tomas > > > "Gémes Géza" <ge...@kz...> skrev: > > Hi, > > Another question about the request: are the Requested Extensions > important, or are they added to the cert by EJBCA regardless if the > certificate profile is domain controller? I ask that because still > couldn't figure out how to add both DNS and otherName as SubjectAltname > programaticaly (with m2crypto) (the first always wins). > > Cheers, > > Geza Gemes > > Hi, This sounds awesome! If you get it working we will really > like an updated guide for that. Attributes in the certificate > request should not be needed. EJBCA by default uses the > information registered when you create the end entity in > EJBCA, and ignores the user supplied attributes in the request > (they may be dangerous, the user probably knows nothing about > PKI). The certificate request is fully valid without any extra > attributes. Cheers, Tomas On 05/01/2013 07:49 PM, Gémes Géza > wrote: > > Hi, I'm working on an addendum to the smart card logon > howto (http://download.primekey.se/ejbca/smartcardlogon/) > in order to make an equivalent (the Windows dc part) for a > Samba Active Directory DC. As samba already has python > interfaces I've decided to try to code the whole in > python. As the ssl library I've choose M2Crypto. The > attached python script produces a similar request > (attached) as the vbscript attached to the howto, but it > misses to add any attributes. The question is are they > needed, is the certificate request valid without? Cheers > Geza Gemes > ------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool > for Java/.NET Get 100% visibility into your production > application - at no cost. Code-level diagnostics for > performance bottlenecks with <2% overhead Download for > free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > ------------------------------------------------------------------------ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > ------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for > Java/.NET Get 100% visibility into your production application > - at no cost. Code-level diagnostics for performance > bottlenecks with <2% overhead Download for free and get > started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > ------------------------------------------------------------------------ > Ejbca-develop mailing list Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > ------------------------------------------------------------------------ > > Get 100% visibility into Java/.NET code with AppDynamics Lite > It's a free troubleshooting tool designed for production > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap2 > ------------------------------------------------------------------------ > > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
