From: Willi T. <wil...@gm...> - 2017-05-09 15:19:52
According to this example:
https://github.com/floragunncom/search-guard-ssl/blob/5.3.0/example-pki-scripts/gen_node_cert_openssl.sh

It seems that OIDName is registeredID. The same as SAN type oid in Java keytool.

How can I set registeredID in SAN in EJBCA End Entity Profile?

Best regards,
WT

On Tuesday, May 9, 2017, Tomas Gustavsson <to...@pr...> wrote:

> What is OIDName and where is it specified?
>
> RFC5280 specifies SANs, see section 4.2.1.6.
> https://www.ietf.org/rfc/rfc5280.txt
>
> I can't find OIDName there.
>
> My best guess is that you mean registeredID, but the Search Guard spec
> should explain better what OIDName is, since it's not one of the
> standard SAN fields. I can't find it in the RedHat spec that it points
> to either...
>
> Cheers,
> Tomas
> **********
> PrimeKey Solutions AB
> Lundagatan 16, 171 63 Solna, Sweden
> Mob: +46 (0)707421096
> Internet: www.primekey.com
> Twitter: twitter.com/primekeyPKI
> **********
>
> On 2017-05-09 15:53, Willi Trace wrote:
> > Dear All,
> >
> > I would like to issue certificates for Search Guard through EJBCA.
> > Search Guard has its own requirements for certificate SAN which should
> > contain OID Name with some value (default 1.2.3.4.5.5):
> > https://github.com/floragunncom/search-guard-docs/blob/master/tls_node_certificates.md
> >
> > How can such a SAN be configured in EJBCA?
> >
> > There are these options:
> > RFC 822 Name
> > DNS Name
> > IP Address
> > Directory Name
> > Uniform Resource Identifier
> > MS UPN
> > MS GUID
> > Kerberos KPN
> > Permanent Identifier
> >
> > I tried to use Permanent Identifier with value OIDName/1.2.3.4.5.5 but
> > it is not correct.
> > According to keytool -list -v I have the following:
> > #8: ObjectId: 2.5.29.17 Criticality=false
> > SubjectAlternativeName [
> >   Other-Name: Unrecognized ObjectIdentifier: 1.3.6.1.5.5.7.8.3
> > ]
> >
> > Instead of
> > #8: ObjectId: 2.5.29.17 Criticality=false
> > SubjectAlternativeName [
> >   OIDName: 1.2.3.4.5.5
> > ]
> >
> > Is there any way to do it in EJBCA, or should it be developed somehow
> > as a custom SAN OID?
> >
> > Best regards
> > WT
> >
> > ------------------------------------------------------------------------------
> > Check out the vibrant tech community on one of the world's most
> > engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
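
Added example, not part of the thread and not EJBCA or Search Guard code: a standard-library Python walk over a DER-encoded SubjectAltName value, showing why the two keytool listings above differ. The Permanent Identifier attempt is an otherName (context tag [0]) whose type-id is 1.3.6.1.5.5.7.8.3, while keytool's `OIDName` is the registeredID choice (context tag [8]) of RFC 5280 section 4.2.1.6. The function names and both byte strings are constructed for illustration, and the inner content of the otherName sample is an assumption.

```python
# Added example; function names are illustrative, sample bytes are constructed.
GENERAL_NAME_TAGS = dict(enumerate((
    "otherName", "rfc822Name", "dNSName", "x400Address", "directoryName",
    "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID")))

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:                # last octet of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def describe_san(der):
    """Return [(choice, oid_or_hex)] for each GeneralName in the SAN value."""
    tag, names, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SubjectAltName value must be a SEQUENCE")
    found, pos = [], 0
    while pos < len(names):
        tag, value, pos = read_tlv(names, pos)
        choice = GENERAL_NAME_TAGS.get(tag & 0x1F, "unknown")
        if choice == "registeredID":       # [8] IMPLICIT OBJECT IDENTIFIER
            found.append((choice, decode_oid(value)))
        elif choice == "otherName":        # [0] SEQUENCE { type-id, [0] value }
            found.append((choice, decode_oid(read_tlv(value, 0)[1])))
        else:
            found.append((choice, value.hex()))
    return found

# Constructed samples, not from a real certificate; GOT's inner value is assumed.
WANTED = bytes.fromhex("3007 8805 2a03040505")
GOT = bytes.fromhex("3020 a01e 06082b06010505070803 a012 3010"
                    " 0c074f49444e616d65 06052a03040505")
```

`describe_san(WANTED)` reports a registeredID carrying 1.2.3.4.5.5, and `describe_san(GOT)` reports an otherName whose type-id is 1.3.6.1.5.5.7.8.3, matching the two keytool outputs quoted in the message.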