Μερλιν's home

User Tools

Site Tools

You are here: Μερλιν's home » Notes » X509 PKI
notes:x509_pki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
notes:x509_pki [2023/08/06 18:01] – [OIDs and ASN1] Nikita Kipriyanovnotes:x509_pki [2023/08/06 18:38] (current) Nikita Kipriyanov
Line 7: Line 7:
   * [[https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line|Provide subjectAltName to openssl directly on the command line]]   * [[https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line|Provide subjectAltName to openssl directly on the command line]]
   * [[wp>Subject Alternative Name]]   * [[wp>Subject Alternative Name]]
-  * [[https://www.wikihow.com/Be-Your-Own-Certificate-Authority| How to Be Your Own Certificate Authority]] (contains outdated and/or suboptimal suggestions) 
-  * [[https://security.stackexchange.com/questions/106257/alternatives-to-htmls-deprecated-keygen-for-client-certs/|Alternatives to HTML's deprecated <keygen> for client certs?]] — generating certificates in a browser 
  
 ===== OIDs and ASN1 ===== ===== OIDs and ASN1 =====
Line 16: Line 14:
   * [[https://knowledge.digicert.com/quovadis/ssl-certificates/csr-generation/inserting-custom-oids-into-openssl.html|Inserting Custom OIDs into OpenSSL]] — contains error or outdated information; in the last example one should specify syntax like this: ''MyOutstandingOID=ASN1:UTF8String:Hubert Dean'' in the last line of the config for it to work with modern OpenSSL   * [[https://knowledge.digicert.com/quovadis/ssl-certificates/csr-generation/inserting-custom-oids-into-openssl.html|Inserting Custom OIDs into OpenSSL]] — contains error or outdated information; in the last example one should specify syntax like this: ''MyOutstandingOID=ASN1:UTF8String:Hubert Dean'' in the last line of the config for it to work with modern OpenSSL
   * [[https://stackoverflow.com/questions/14623335/how-to-specify-the-syntax-for-values-of-private-oids-while-configuring-in-openss|How to specify the Syntax for Values of Private OIDs while configuring in OpenSSL?]] — contains an explanation of the problem in previous point   * [[https://stackoverflow.com/questions/14623335/how-to-specify-the-syntax-for-values-of-private-oids-while-configuring-in-openss|How to specify the Syntax for Values of Private OIDs while configuring in OpenSSL?]] — contains an explanation of the problem in previous point
 +  * OpenSSL manual pages:
 +    * [[https://www.openssl.org/docs/man1.1.1/man5/x509v3_config.html|x509v3_config (5)]] --- on adding arbitrary extensions
 +    * [[https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html|ASN1_generate_nconf]] -- specifying OID syntaxes and input file data format
  
 +===== Other =====
 +  * [[https://security.stackexchange.com/questions/106257/alternatives-to-htmls-deprecated-keygen-for-client-certs/|Alternatives to HTML's deprecated <keygen> for client certs?]] — generating certificates in a browser
 +  * [[https://www.wikihow.com/Be-Your-Own-Certificate-Authority| How to Be Your Own Certificate Authority]] --- contains outdated and/or suboptimal suggestions, but great for showing the general strategy
  
notes/x509_pki.1691344909.txt.gz · Last modified: by Nikita Kipriyanov