How to issue an entity certificate with a custom DN format?

In our application, we create certificates for internal objects such as the platform and the user. Our internal objects are identified by custom DNs:

  • Platform DN: p = file_name
  • User DN: cn = username, p = file_name

We tried to generate an X.509 certificate for a platform or user using such popular tools as openssl, keytool, and an implementation of javax.security (BouncyCastle), for example:

keytool -genkey -dname "p=platformName" -alias platformName

However, these tools do not accept / recognize the keyword "P" or require specific keywords, such as "CN" in the DN of the certificate object.

How to issue an entity certificate with a custom DN format?

Note. We do not need DNs containing standard keywords (CN, OU, etc.), since all certificates will be used for internal use of our products (will not be verified by third parties or included in the certificate chain).

+5
2 answers

We do not need to have DNs containing standard keywords (CN, OU, etc.)

How to issue an entity certificate with a custom DN format?

Displayed attributes or fields are presentation level details. There is no highlighted field DN per se. The fields used for forming the DN are a mashup of other attributes and are arbitrarily selected. Common ones are C, O, OU, CN, etc.

C, O, OU, CN OID, . OID, , . , ITU X.520 . , . , PKCS 9 OID 1.2.840.113549.1.9.1.

, /, OID ( ). , . , " ".

OID ( "p =..." ), ... / "P". , .

+4

openssl, .

openssl docs

ASN1

oid_section. , OID: OID, OID. openssl ASN1 OBJECT . ASN1 OBJECT - openssl , .

, oids /etc/openssl.conf , , openssl Subject attribute p has no known NID, skipped, , , , .

+4
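
The `oid_section` approach named in the answer above, as an added example that is not part of the original posts: an openssl config registers the short name `p` for a custom OID, and `openssl req` then issues a self-signed certificate with the subject `CN=username, p=file_name`. The OID is a placeholder under the enterprise arc reserved for documentation (RFC 5612), and the file names are hypothetical.

```shell
#!/bin/sh
# Added example. Replace the placeholder OID with one from an arc you control.

# Write a config that teaches openssl the short name "p", then issue a
# self-signed certificate whose subject carries that attribute.
issue_custom_dn_cert() {
    workdir=$1
    cat > "$workdir/custom-dn.cnf" <<'EOF'
# oid_section must appear before the first [section] header.
oid_section = new_oids

[ new_oids ]
# short name = dotted OID (placeholder value)
p = 1.3.6.1.4.1.32473.1.1

[ req ]
prompt = no
distinguished_name = dn
string_mask = utf8only

[ dn ]
CN = username
p = file_name
EOF
    # Without the [ new_oids ] entry, openssl does not recognise "p" as an
    # attribute type. -nodes leaves the key unencrypted (demonstration only).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$workdir/custom-dn.cnf" \
        -keyout "$workdir/user.key" -out "$workdir/user.crt" 2>/dev/null
}

# Print the subject using openssl's default configuration, which has no
# mapping for the custom OID: the attribute is shown by its dotted OID,
# because the short name lives in the config, not in the certificate.
subject_of() {
    openssl x509 -in "$1" -noout -subject
}

# Usage: d=$(mktemp -d); issue_custom_dn_cert "$d"; subject_of "$d/user.crt"
```

Any component that parses these certificates needs the same OID-to-name mapping if it is to display or match the attribute as `p`.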
