Menu
▾
▴
Re: [Openca-Users] CRL import into Windows error
|
From: David W B. <dbl...@cs...> - 2009-01-19 16:19:37
|
Hi all, Well I added the following to the new_oids section: msCAVersion=1.3.6.1.4.1.311.21.1 msCRLNextPublish=1.3.6.1.4.1.311.21.4 I also added the following to the crl_ext section: authorityKeyIdentifier=keyid:always,issuer:always msCAVersion=DER:02:01:00 Unfortunately I do not know how to specify a value for the CRL Next Publish oid. So I pressed on and generated a CRL with the parameters I knew how to define. Viewing the CRL shows these items in it. But the CRL still fails to import into Windows 2003 with the same error as before. Can anyone give me any insight into the CRL Next Publish oid? ----------------------------------------------------------------- DAVID BLAINE, GCIA , CISSP GDLS-C Lead Information Risk Manager (LIRM) CSC 6000 E. 17 Mile Rd. Sterling Heights MI 48313 GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 | dbl...@cs... | www.csc.com This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. David W Blaine/GIS/CSC@CSC 01/15/2009 03:03 PM Please respond to "Users' Help and Suggestions" <ope...@li...> To "Users' Help and Suggestions" <ope...@li...> cc Subject Re: [Openca-Users] CRL import into Windows error Hi John, Well took your suggestion and googled... I think I found it but want to see what the group says: A native Windows cert includes the following additional extensions Authority Key Identifier CA Version Next CRL Publish I was able to see in the openssl.cnf.template that AuthorityKeyIdentifier existed in the crl_ext section but I'm unsure of the other 2. How to implement? It seems that "CA Version" is the most important as Windows uses that to somehow identify the object within AD. According to this article, this shows adding the OID's that I believe I need: http://archives.neohapsis.com/archives/openbsd/2001-08/2358.html Has anyone else run into this? ----------------------------------------------------------------- DAVID BLAINE, GCIA , CISSP GDLS-C Lead Information Risk Manager (LIRM) CSC 6000 E. 17 Mile Rd. Sterling Heights MI 48313 GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 | dbl...@cs... | www.csc.com This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Openca-Users mailing list Ope...@li... https://lists.sourceforge.net/lists/listinfo/openca-users |
