How to create a CSR with a sequence inside the DN? #23881
Unanswered
gingerbeard-man asked this question in Q&A
A colleague of mine has a requirement to create CSRs where one of the DN components has a bespoke OID and contains a sequence of integer and string. (Apparently there was a call where the customer explained in detail, referencing various RFCs, why this is perfectly reasonable.)
The desired result should look something like this:
or as openssl req -subject output:

subject=/C=DE/2.25.297445648772331985012504424856149258707=0\x16\x02\x01\x01\x13\x11Some-Text-A-12345/O=Disorganized/CN=John Doe
Using a config file we can set the OID but it is unclear how to get the sequence, or if this is even possible with openssl req. The below config file only creates a string with the value "ASN1:SEQUENCE:seq_sect". Obviously the syntax that works for extensions is not interpreted as part of the distinguished name.

Result:
subject=/C=DE/2.25.297445648772331985012504424856149258707=ASN1:SEQUENCE:seq_sect/O=Disorganized/CN=John Doe
Tried with both 1.1.1w and 3.0.11. I am inclined to write a special tool that will create the expected ASN.1, but if there is some way to achieve it with the regular OpenSSL command line, that would be great.
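The escaped bytes in the desired subject line (0\x16\x02\x01\x01\x13\x11...) are the DER encoding of SEQUENCE { INTEGER 1, PrintableString "Some-Text-A-12345" }. As an added example, not part of the original post and not OpenSSL code, the Python below builds that value and the enclosing RDN for the bespoke OID, so the target bytes can be checked against whatever tool ends up producing the CSR. Helper names are hypothetical, and the PrintableString type is an assumption read off the 0x13 tag in the output above.

```python
# Added example; helper names are hypothetical. The OID and sample values are from the post.
OID = "2.25.297445648772331985012504424856149258707"
PRINTABLE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?")

def tlv(tag: int, value: bytes) -> bytes:
    """One DER element: tag, definite length (short or long form), contents."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + value

def der_integer(n: int) -> bytes:
    """Non-negative INTEGER; the extra leading 0x00 appears when the top bit is set."""
    if n < 0:
        raise ValueError("only non-negative integers handled here")
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def der_printable(s: str) -> bytes:
    if not set(s) <= PRINTABLE:
        raise ValueError("character outside the PrintableString alphabet")
    return tlv(0x13, s.encode("ascii"))

def base128(n: int) -> bytes:
    """OID arc encoding: 7 bits per byte, high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    # The first two arcs share one subidentifier: 40 * arc0 + arc1.
    return tlv(0x06, b"".join(base128(a) for a in [40 * arcs[0] + arcs[1]] + arcs[2:]))

def dn_value(number: int, text: str) -> bytes:
    """SEQUENCE { INTEGER, PrintableString } used as the attribute value."""
    return tlv(0x30, der_integer(number) + der_printable(text))

def rdn(oid: str, value: bytes) -> bytes:
    """RelativeDistinguishedName: SET OF one AttributeTypeAndValue SEQUENCE."""
    return tlv(0x31, tlv(0x30, der_oid(oid) + value))

if __name__ == "__main__":
    print(rdn(OID, dn_value(1, "Some-Text-A-12345")).hex())
```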