[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How read Subject Alternative Name



Love Hörnquist Åstrand ha scritto:
> 7 dec 2006 kl. 15.38 skrev Alberto Fondi:
>
>> Hi group,
>>
>>    i have another question, how can i read the Subject Alternative 
>> Name, because openssl can't do it ? Infact it gives me this message:
>>
>> X509v3 Subject Alternative Name:                othername:<unsupported>
>
> If you want until tomorrows dated snapshot or use cvs, just commited 
> the code,
> you can use hxtool to print the OtherName. Its not pretty, but will tell
> you want you need.
>
> $ hxtool print --content FILE:pkinit.crt
> cert: 0
>     private key: no
>     issuer:  "C=SE,CN=hx509 Test Root CA"
>     subject: "CN=pkinit,C=SE"
>     keyusage: keyEncipherment, nonRepudiation, digitalSignature
> subject name: CN=pkinit,C=SE
> issuer name: C=SE,CN=hx509 Test Root CA
> Validity:
>         notBefore 2006-11-23 37:37:08
>         notAfter  2016-11-20 37:37:08
> checking extention: basicConstraints
>         Critical not set on MUST
>         is NOT a CA
> checking extention: keyUsage
>         Critical not set on SHOULD
> checking extention: subjectKeyIdentifier
> checking extention: subjectAltName
> subjectAltName otherName pk-init: bar@TEST.H5L.SE
>
>
>
> Love
>
>
Sorry i did what you you say but i obtain:


 /home/alberto/heimdal-0.8-rc2/lib/hx509/hxtool print --content 
FILE:/home/alberto/heimdal-0.8-rc2/lib/hx509/data/pkinit.crt
cert: 0
    private key: no
    issuer:  "C=SE,CN=hx509 Test Root CA"
    subject: "CN=pkinit,C=SE"
    keyusage: keyEncipherment, nonRepudiation, digitalSignature
subject name: CN=pkinit,C=SE
issuer name: C=SE,CN=hx509 Test Root CA
Validity:
        notBefore 2006-11-23 37:37:08
        notAfter  2016-11-20 37:37:08
checking extention: basicConstraints
        Critical not set on MUST
        is NOT a CA
checking extention: keyUsage
        Critical not set on SHOULD
checking extention: subjectKeyIdentifier
checking extention: subjectAltName
other name oid: 1.3.6.1.5.2.2

what can i do?