Menu
▾
▴
[Ejbca-develop] OID Name in SAN for Search Guard node TLS certificate
|
From: Willi T. <wil...@gm...> - 2017-05-09 13:53:59
|
Dear All, I would like to issue certificates for Search Guard through EJBCA. Search Guard has its own requirements for certificate SAN which should contain OID Name with some value (default 1.2.3.4.5.5): https://github.com/floragunncom/search-guard-docs/blob/master/tls_node_certificates.md How can be such SAN configured in EJBCA? There are these options: RFC 822 Name DNS Name IP Address Directory Name Uniform Resource Identifier MS UPN MS GUID Kerberos KPN Permanent Identifier I tried to use Permanent Identifier with value OIDName/1.2.3.4.5.5 but it is not correct. According keytool -list -v I have the following: #8: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ Other-Name: Unrecognized ObjectIdentifier: 1.3.6.1.5.5.7.8.3 ] Instead of #8: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ OIDName: 1.2.3.4.5.5 ] Is there any way how to do it in EJBCA or it should be developed somehow as custom SAN OID? Best regards WT |
