
What is OID 1.3.6.1.4.1.311.21.10?


arao

Mar 11, 2005, 8:47:30 PM
Hello,

Can anyone please tell me what is OID 1.3.6.1.4.1.311.21.10?
This appears to be Microsoft specific - 1.3.6.1.4.1.311.21 is assigned to
Microsoft CertServ Infrastructure.

I want to know how to handle this OID in my parser. I converted .PFX to
PEM and I am parsing the PEM file. The PEM file has this OID. My parser is
running on a non-Windows client. This parser is neither OpenSSL nor derived
from it. I want to know how to handle this OID - what is this extension?
OpenSSL was not able to put a name to this OID.

Searching the web I found some limited information - it has 2 Elements -
Flags and Length. Some kind of store for Application Policies? PFX->PEM was
for an EAP-TLS - here are some of the x509v3 Extensions from that
certificate.

X509v3 Key Usage:
    Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
    TLS Web Client Authentication
1.3.6.1.4.1.311.21.10: critical
    0.0

Thanks
Abhijit


Valery Pryamikov

Mar 12, 2005, 5:56:01 AM
Hi,

From wincrypt.h (from platform SDK):
// Application Policies extension -- same encoding as szOID_CERT_POLICIES
#define szOID_APPLICATION_CERT_POLICIES "1.3.6.1.4.1.311.21.10"

As far as I understand it - this is a Microsoft extension that allows or
disallows applying application defined policies to certificate templates. You
surely can ignore it.

-Valery.
http://www.harper.no/valery

"arao" <abhij...@nospam.nospam> wrote in message
news:O6bz0VqJ...@tk2msftngp13.phx.gbl...

davidho...@gmail.com

Nov 7, 2018, 8:50:57 PM
If it is marked as critical, then the client is obliged to not ignore it and reject the certificate. Pretty bad form to not have the encoding of this made public.
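
Added example, not code from the thread or from the Platform SDK: a small Python DER reader that decodes the value of 1.3.6.1.4.1.311.21.10 using the certificatePolicies layout (SEQUENCE OF PolicyInformation) named in the wincrypt.h comment quoted above, and rejects any other extension that is marked critical. The function names are illustrative, and the sample bytes are constructed to carry one policy, TLS Web Client Authentication, matching the Extended Key Usage in the question.

```python
APP_POLICIES = "1.3.6.1.4.1.311.21.10"  # szOID_APPLICATION_CERT_POLICIES

def read_tlv(buf, pos):  # one definite-length DER element -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # OBJECT IDENTIFIER content octets -> dotted string
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)  # base-128, high bit means more octets follow
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)  # the first two arcs are packed as 40*X + Y
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_application_policies(extn_value):  # extnValue contents -> policy OIDs
    tag, seq, end = read_tlv(extn_value, 0)
    if tag != 0x30 or end != len(extn_value):
        raise ValueError("expected exactly one outer SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, info, pos = read_tlv(seq, pos)
        id_tag, oid, _ = read_tlv(info, 0)  # optional policyQualifiers are skipped
        if tag != 0x30 or id_tag != 0x06:
            raise ValueError("expected SEQUENCE { policyIdentifier OID ... }")
        oids.append(decode_oid(oid))
    return oids

def handle_extension(oid, critical, extn_value):  # decode if known, else apply criticality
    if oid == APP_POLICIES:
        return parse_application_policies(extn_value)
    if critical:
        raise ValueError("unrecognized critical extension " + oid)
    return None

# Constructed sample: SEQUENCE { SEQUENCE { OID 1.3.6.1.5.5.7.3.2 } }
SAMPLE = bytes.fromhex("300c300a06082b06010505070302")
```

The returned policy OIDs still have to be compared against the purpose the certificate is being used for; decoding alone only makes the extension recognized.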