SubjectAltName: Difference between revisions

From WikiWiki
Latest revision as of 11:07, 23 July 2018

OpenSSL's subjectAltName


https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#Subject-Alternative-Name


The subject alternative name extension allows various literal values to be included in the configuration file. These include email (an email address), URI (a uniform resource indicator), DNS (a DNS domain name), RID (a registered ID: OBJECT IDENTIFIER), IP (an IP address), dirName (a distinguished name) and otherName.


otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard ASN1_generate_nconf(3) format.

Examples:

subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
subjectAltName=IP:192.168.7.1
subjectAltName=IP:13::17
subjectAltName=email:my@other.address,RID:1.2.3.4
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
subjectAltName=dirName:dir_sect
[dir_sect]
C=UK
O=My Organization
OU=My Unit
CN=My Name

https://tools.ietf.org/html/rfc5280#section-4.2.1.6

GeneralName ::= CHOICE {
    otherName                 [0]  AnotherName,
    rfc822Name                [1]  IA5String,
    dNSName                   [2]  IA5String,
    x400Address               [3]  ORAddress,
    directoryName             [4]  Name,
    ediPartyName              [5]  EDIPartyName,
    uniformResourceIdentifier [6]  IA5String,
    iPAddress                 [7]  OCTET STRING,
    registeredID              [8]  OBJECT IDENTIFIER }
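
How the configuration keywords above map onto the GeneralName CHOICE tags, as an added example (not part of the original page or of OpenSSL). The function names are hypothetical, and only the primitive forms (email, DNS, URI, IP, RID) are encoded; otherName, dirName and the special value email:copy are rejected.

```python
import ipaddress

# OpenSSL config keyword -> RFC 5280 GeneralName context tag (IMPLICIT, primitive)
TAGS = {"email": 1, "DNS": 2, "URI": 6, "IP": 7, "RID": 8}

def der_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def oid_content(dotted):
    """Content octets of an OBJECT IDENTIFIER (base-128, first two arcs merged)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for arc in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)

def general_name(item):
    """Encode one 'keyword:value' item as a DER GeneralName."""
    kind, _, value = item.partition(":")   # split on the first colon only
    if kind not in TAGS:
        raise ValueError(f"not encoded by this example: {kind}")
    if kind == "email" and value == "copy":
        raise ValueError("email:copy needs the certificate subject")
    if kind == "IP":
        content = ipaddress.ip_address(value).packed   # 4 or 16 octets
    elif kind == "RID":
        content = oid_content(value)
    else:
        content = value.encode("ascii")                # IA5String
    return bytes([0x80 | TAGS[kind]]) + der_len(len(content)) + content

def san_value(config_value):
    """DER GeneralNames (SEQUENCE OF GeneralName) for a subjectAltName value."""
    body = b"".join(general_name(i.strip()) for i in config_value.split(","))
    return b"\x30" + der_len(len(body)) + body

if __name__ == "__main__":
    for v in ("IP:192.168.7.1", "IP:13::17", "email:my@other.address,RID:1.2.3.4"):
        print(v, "->", san_value(v).hex())
```

The leading octet of each encoded name is 0x80 plus the tag number from the CHOICE, which is what to look for when reading a hex dump of the extension.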