
Certificate attribute "UID"?


Henning Mohren

May 19, 2003, 5:17:24 AM
Hi,

I'm trying to add an attribute "UID" to our certificates in order to
evaluate this attribute with an apache webserver and to pass the
contents of this attribute to (self-developed) web applications.

To generate certificates with this attribute, I use the following format
for the request:
C = $C
O = $O
OU = $OU
CN = $CN
UID = $userid
emailAddress = $email
SPKAC = $SPKAC

And, of course, I had to modify my openssl.cnf:
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
UID = optional

Now, when I apply for a certificate, I get a certificate containing the
attributes C, O, OU, CN, UID and Email (with Netscape/Mozilla) or C, O,
OU, CN, 0.9.2342.19200300.100.1.1 and Email (with Opera, Internet
Explorer), respectively.

Of course, 0.9.2342.19200300.100.1.1 is the correct OID for the
attribute "UID".

My questions now are:
1. Is there a way to get "UID" instead of "0.9.2342.19200300.100.1.1"
when using Opera/Internet Explorer?
2. When I try to read the environment variables with PHP [phpinfo();], I
get all the attributes C, O, OU, CN and Email as webserver environment
variables. But I'm missing UID. Any hints?

Many thanks in advance!

Mit freundlichen Grüßen/kind regards
Henning Mohren

---------------------------------------------------------
Henning Mohren Universitätsrechenzentrum

FernUniversität in Hagen

Universitätsstraße 21 / AVZ I
58084 Hagen
---------------------------------------------------------

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Dr. Stephen Henson

May 19, 2003, 7:28:02 AM

Applications typically have a lookup table matching OIDs to names. If the OID
isn't registered then you get the numerical form.

Opera uses OpenSSL, doesn't it? If so, then anything compiled with a version of
OpenSSL containing UID should work provided they've used the correct
functions.

MSIE dunno, probably not.

PHP again check if it uses the latest version of OpenSSL.

Steve.
--
Dr Stephen N. Henson.
Core developer of the OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.demon.co.uk/
Email: she...@drh-consultancy.demon.co.uk, PGP key: via homepage.

Juan Angel Martin

May 19, 2003, 7:32:22 AM
You can get the UID from SSL_SERVER_S_DN

Henning Mohren wrote:

> Many thanks in advance!
>
> Mit freundlichen Grüßen/kind regards
> Henning Mohren
>
> ---------------------------------------------------------
> Henning Mohren Universitätsrechenzentrum
>
> FernUniversität in Hagen
>
> Universitätsstraße 21 / AVZ I
> 58084 Hagen
> ---------------------------------------------------------
>
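
The two replies above combine into one check a web application can run on the subject string it receives. The following is an added example, not code from the thread or from OpenSSL, Apache or PHP: it assumes the subject arrives in the slash-separated one-line form ("/C=.../CN=...") that mod_ssl exports in its SSL_*_S_DN variables, and the function names and sample strings are constructed for illustration. It maps the numerical OID back to "UID" with a small lookup table and rejects strings it cannot parse unambiguously.

```python
import re

# OID of the "UID" attribute, as quoted in the thread.
UID_OID = "0.9.2342.19200300.100.1.1"

# Lookup table from dotted OID to short name. Only the entry discussed in
# the thread is registered; any other OID stays in numerical form.
OID_NAMES = {UID_OID: "UID"}

# An attribute key is either a short name (CN, emailAddress) or a dotted OID.
_KEY_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*|\d+(\.\d+)+")

# Constructed sample subjects (not taken from the thread).
DN_NAMED = "/C=DE/O=Example Org/CN=Jane Doe/UID=jdoe/emailAddress=jdoe@example.org"
DN_NUMERIC = "/C=DE/O=Example Org/CN=Jane Doe/" + UID_OID + "=jdoe"


def parse_oneline_dn(dn):
    """Split a '/K=V/K=V' subject string into (name, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("expected a subject string starting with '/'")
    pairs = []
    for part in dn[1:].split("/"):
        key, sep, value = part.partition("=")
        if not sep or not _KEY_RE.fullmatch(key):
            # A component without a valid 'key=' cannot be told apart from
            # a '/' inside a value, so reject it instead of guessing.
            raise ValueError("malformed DN component: %r" % part)
        # Normalise the numerical form to the short name where registered.
        pairs.append((OID_NAMES.get(key, key), value))
    return pairs


def get_uid(dn):
    """Return the single UID value, or None if the subject has no UID."""
    uids = [value for name, value in parse_oneline_dn(dn) if name == "UID"]
    if len(uids) > 1:
        # Two UID components make the identity ambiguous; fail closed.
        raise ValueError("subject contains more than one UID")
    return uids[0] if uids else None


if __name__ == "__main__":
    for sample in (DN_NAMED, DN_NUMERIC):
        print(get_uid(sample))
```

Because the one-line form does not escape "/" inside values, an application that relies on the UID for authorization should treat a parse failure as a rejected login.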
