Menu
▾
▴
Re: [Ejbca-develop] OID Name in SAN for Search Guard node TLS certificate
|
From: Tomas G. <to...@pr...> - 2017-05-09 14:05:15
|
What is OIDName and where is it specified? RFC5280 specifies SANs, se section 4.2.1.6. https://www.ietf.org/rfc/rfc5280.txt I can't find OIDName there. My best guess is that you mean registeredID, but the Search Guard spec should explain better what OIDName is, since it's not one of the standard SAN fields. I can't find it in the RedHat spec that it points to either... Cheers, Tomas ********** PrimeKey Solutions AB Lundagatan 16, 171 63 Solna, Sweden Mob: +46 (0)707421096 Internet: www.primekey.com Twitter: twitter.com/primekeyPKI ********** On 2017-05-09 15:53, Willi Trace wrote: > Dear All, > > I would like to issue certificates for Search Guard through EJBCA. > Search Guard has its own requirements for certificate SAN which should > contain OID Name with some value (default 1.2.3.4.5.5): > https://github.com/floragunncom/search-guard-docs/blob/master/tls_node_certificates.md > > How can be such SAN configured in EJBCA? > > There are these options: > RFC 822 Name > DNS Name > IP Address > Directory Name > Uniform Resource Identifier > MS UPN > MS GUID > Kerberos KPN > Permanent Identifier > > I tried to use Permanent Identifier with value OIDName/1.2.3.4.5.5 but > it is not correct. > According keytool -list -v I have the following: > #8: ObjectId: 2.5.29.17 Criticality=false > SubjectAlternativeName [ > Other-Name: Unrecognized ObjectIdentifier: 1.3.6.1.5.5.7.8.3 > ] > > Instead of > #8: ObjectId: 2.5.29.17 Criticality=false > SubjectAlternativeName [ > OIDName: 1.2.3.4.5.5 > ] > > Is there any way how to do it in EJBCA or it should be developed somehow > as custom SAN OID? > > Best regards > WT > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
