TinyCA2

Tabitha McNerney tabithamc at gmail.com
Wed Mar 5 22:02:54 PST 2008


Hello all --

I have worked on updating the TinyCA2 source code to include SHA-256
capability (default of the current version is SHA-1 but I think it's time the
world moves forward a bit). The changes to the source code I have submitted
in an email back to the original maintainer (not the MacPorts maintainer --
I want the code to first be made available on the source web site and then
we can modify the MacPorts port for TinyCA2).

In the meantime, I'm educating myself about OpenSSL and creating a
Certificate Authority (such as for self-signed CA) in the PKI context. I
have been reading the RFC 3280 about PKI and X.509 ... there are some values
that can be entered (using TinyCA2 for example) that are passed to OpenSSL
on the command line for certain data structures that are used for creating
certificates. For example the X.509 extension:

> 4.2.1.8  Issuer Alternative Names
>
>    As with 4.2.1.7, this extension is used to associate Internet style
>    identities with the certificate issuer.  Issuer alternative names
>    MUST be encoded as in 4.2.1.7.
>
>    Where present, this extension SHOULD NOT be marked critical.
>
>    id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
>
>    IssuerAltName ::= GeneralNames
>

TinyCA2, when it is first run, fills in some default values, for example for
the Issuer Alternative Names extension, these values:

> issuer:copy

I've been poring through the RFC and have not been able to find a source of
information as to what value space there is for example for the "issuer" as
in the text "copy".

Is anyone here well versed enough on this topic to know where this
information (the value space) is more defined?

Thank you for any suggestions.

Cheers,

Tabitha