I'm trying to add a custom extension to a CSR using the OpenSSL APIs:
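    #include <openssl/objects.h>
    #include <openssl/x509.h>
    #include <openssl/x509v3.h>

    /* x is the X509_REQ being built */
    STACK_OF(X509_EXTENSION) *exts = sk_X509_EXTENSION_new_null();
    ASN1_OCTET_STRING *os = ASN1_OCTET_STRING_new();
    /* Register the OID with a short and a long name in this process's object table */
    int nid = OBJ_create("2.5.29.41", "CompanyName", "Company Name");
    ASN1_OCTET_STRING_set(os, (const unsigned char *)"ABC Corp", 8);
    X509_EXTENSION *ex = X509_EXTENSION_create_by_NID(NULL, nid, 0, os);
    sk_X509_EXTENSION_push(exts, ex);
    X509_REQ_add_extensions(x, exts);
    /* The request keeps its own encoded copy, so release the temporaries */
    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
    ASN1_OCTET_STRING_free(os);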
I request a certificate and receive it through a SCEP request (Windows 2008 server). Later, when I parse the certificate, I see that the extension is still displayed as the OID and not as the extension name "Company Name":
    X509v3 extensions:
        2.5.29.41:
            ABC Corp
Am I adding the extension in the correct way? How do I get the extension name in the certificate?
Please help, friends.
It is expected behavior. Your extension with OID=2.5.29.41 is non-standard to Windows, therefore you see only the OID value. You should not care about this fact as long as your client application has knowledge about this extension and can parse its contents.
Though, I have a strong suspicion that you are using this extension wrongly. From what I have found, OID=2.5.29.41 stands for the basicAttConstraints certificate extension. Reference: http://oidref.com/2.5.29.41. I found a sample implementation in Java: Class BasicAttConstraint. The value is expected to be an integer and its meaning is similar to the PathLength attribute of the Basic Constraints certificate extension. But you are setting a string there. This makes zero sense.
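The behavior the answer describes, as an added example that is not part of the original posts or of OpenSSL's code: the encoded extension carries only the OID and the value, so the label a viewer prints comes from that viewer's own name table. The byte array is a constructed sample, and `oid_to_text`, `ext_label` and `struct oid_name` are hypothetical names written in plain C rather than with the OpenSSL API.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample: the Extension built in the question, DER-encoded as
 * SEQUENCE { OID 2.5.29.41, OCTET STRING "ABC Corp" }. No name is encoded. */
static const unsigned char EXT_DER[] = { 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x29,
    0x04, 0x08, 'A', 'B', 'C', ' ', 'C', 'o', 'r', 'p' };
struct oid_name { const char *oid; const char *name; }; /* hypothetical viewer table */

/* Decode DER OBJECT IDENTIFIER content octets to dotted text; 0 on success. */
int oid_to_text(const unsigned char *p, size_t len, char *out, size_t outlen)
{
    unsigned long arc = 0;
    size_t used = 0;
    if (len == 0 || (p[len - 1] & 0x80)) return -1; /* last arc is truncated */
    for (size_t i = 0; i < len; i++) {
        if (arc > (~0UL >> 7)) return -1;            /* arc would overflow */
        arc = (arc << 7) | (p[i] & 0x7F);
        if (p[i] & 0x80) continue;                   /* arc continues in next byte */
        unsigned long a = arc < 80 ? arc / 40 : 2;   /* first value packs two arcs */
        int n = used == 0 ? snprintf(out, outlen, "%lu.%lu", a, arc - a * 40)
                          : snprintf(out + used, outlen - used, ".%lu", arc);
        if (n < 0 || (size_t)n >= outlen - used) return -1;
        used += (size_t)n;
        arc = 0;
    }
    return 0;
}

/* Label a viewer shows: the name from its own table, else the dotted OID.
 * Handles short-form DER lengths only, which is enough for this sample. */
const char *ext_label(const unsigned char *ext, size_t len,
                      const struct oid_name *tbl, size_t n, char *buf, size_t buflen)
{
    if (len < 4 || ext[0] != 0x30 || ext[2] != 0x06 || ext[1] > 0x7F || ext[3] > 0x7F ||
        (size_t)ext[1] + 2 > len || (size_t)ext[3] + 4 > len) return NULL;
    if (oid_to_text(ext + 4, ext[3], buf, buflen) != 0) return NULL;
    for (size_t i = 0; i < n; i++)
        if (strcmp(tbl[i].oid, buf) == 0) return tbl[i].name;
    return buf;
}

int main(void)
{
    char buf[64];
    struct oid_name known[] = { { "2.5.29.41", "Company Name" } };
    puts(ext_label(EXT_DER, sizeof EXT_DER, NULL, 0, buf, sizeof buf));  /* 2.5.29.41 */
    puts(ext_label(EXT_DER, sizeof EXT_DER, known, 1, buf, sizeof buf)); /* Company Name */
    return 0;
}
```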