'How to set custom value in SAN while generating CSR in java?
Need to generate CSR with SAN like this
Subject Alternative Names: DirName:/SN=1345332443jff432/UID=12347577400003/title=0011/registeredAddress=Sample E/businessCategory=Sample Business
Solution 1:[1]
I had the similar problem just last week, but with additional signing of rootCA key:
function genExtfile() {
domain=$1
cat << EOF
authorityKeyIdentifier=keyid,issuer\n
keyUsage=critical,digitalSignature,keyEncipherment\n
extendedKeyUsage = serverAuth, clientAuth\n
subjectAltName = @alt_names\n
[alt_names]\n
DNS.1 = $domain
DNS.2 = $domain/foobar
EOF
}
extFile=$(genExtfile mydomain.com)
openssl x509 -req -in mydomain.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial \
-out mydomain.com.crt -days 4000 -sha512 -passin pass:rootCAPwd -extfile <(printf "$extFile")
Solution 2:[2]
Able to add directory names using bouncy castle except title and registeredAddress.
Those two are throwing error as invalid OID's..
GeneralName[] subjectAltNames = new GeneralName[] {
new GeneralName(GeneralName.directoryName, "SN=2222232444343jff432,UID=310175397400003," +
// "title=1011,registeredAddress=Sample E," +
"businessCategory=Sample Business") };
Extension subjectAltName =
Extension.create(Extension.subjectAlternativeName, false, new GeneralNames(subjectAltNames));
Any idea on how to add the invalid OIDs?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Tavark |
| Solution 2 | marc_s |