SubjectAltName

From WikiWiki
Revision as of 10:07, 23 July 2018 by Mendel (talk | contribs)

OpenSSL's subjectAltName


https://www.openssl.org/docs/manmaster/man5/x509v3_config.html#Subject-Alternative-Name


The subject alternative name extension allows various literal values to be included in the configuration file. These include email (an email address), URI (a uniform resource indicator), DNS (a DNS domain name), RID (a registered ID: OBJECT IDENTIFIER), IP (an IP address), dirName (a distinguished name) and otherName.


otherName can include arbitrary data associated with an OID: the value should be the OID followed by a semicolon and the content in standard ASN1_generate_nconf(3) format.

Examples:

subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
subjectAltName=IP:192.168.7.1
subjectAltName=IP:13::17
subjectAltName=email:my@other.address,RID:1.2.3.4
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
subjectAltName=dirName:dir_sect
[dir_sect]
C=UK
O=My Organization
OU=My Unit
CN=My Name

https://tools.ietf.org/html/rfc5280#section-4.2.1.6

GeneralName ::= CHOICE {
    otherName                 [0]  AnotherName,
    rfc822Name                [1]  IA5String,
    dNSName                   [2]  IA5String,
    x400Address               [3]  ORAddress,
    directoryName             [4]  Name,
    ediPartyName              [5]  EDIPartyName,
    uniformResourceIdentifier [6]  IA5String,
    iPAddress                 [7]  OCTET STRING,
    registeredID              [8]  OBJECT IDENTIFIER }
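
The sketch below is an added example, not code from OpenSSL or from this page: it maps the config keywords above onto the GeneralName CHOICE tags and DER-encodes the primitive alternatives, so the bytes can be compared with what appears in a certificate. The helper names are made up for illustration; email:copy, dirName and otherName are rejected because they need data from outside the value string.

```python
import ipaddress
# Added example: helper names are illustrative, not OpenSSL APIs.
# OpenSSL config keyword -> (RFC 5280 GeneralName alternative, context tag)
CHOICE = {
    "otherName": ("otherName", 0), "email": ("rfc822Name", 1),
    "DNS": ("dNSName", 2), "dirName": ("directoryName", 4), "RID": ("registeredID", 8),
    "URI": ("uniformResourceIdentifier", 6), "IP": ("iPAddress", 7),
}

def der_tlv(tag, content):
    """DER tag-length-value; long-form length from 128 content bytes up."""
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def oid_content(dotted):
    """OBJECT IDENTIFIER content octets (first two arcs share one octet)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))
        out += bytes(reversed(chunk))
    return bytes(out)

def parse_san(value):
    """Split a subjectAltName value into (keyword, value) pairs."""
    pairs = [item.strip().partition(":")[::2] for item in value.split(",")]
    for keyword, _ in pairs:
        if keyword not in CHOICE:
            raise ValueError(f"unknown subjectAltName keyword: {keyword!r}")
    return pairs

def encode_general_name(keyword, value):
    """DER for the primitive alternatives, implicitly tagged [n]."""
    tag = 0x80 | CHOICE[keyword][1]
    if keyword == "IP":  # OCTET STRING: 4 bytes for IPv4, 16 for IPv6
        return der_tlv(tag, ipaddress.ip_address(value).packed)
    if keyword == "RID":
        return der_tlv(tag, oid_content(value))
    if keyword in ("DNS", "URI") or (keyword == "email" and value != "copy"):
        return der_tlv(tag, value.encode("ascii"))  # IA5String is ASCII-only
    raise ValueError(f"{keyword}:{value} needs data from outside this value")

def encode_san(value):  # GeneralNames ::= SEQUENCE OF GeneralName
    names = (encode_general_name(k, v) for k, v in parse_san(value))
    return der_tlv(0x30, b"".join(names))
```

A non-ASCII DNS or email value raises an error here because IA5String cannot carry it; internationalized names have to be converted to their ASCII form before they go into the extension.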