Anton K

Reputation: 11

Using custom Oid in Subject Alternative Name with Bouncycastle

I am generating a certificate using BouncyCastle. Everything works fine until I try to add a Subject Alternative Name extension with GeneralName.OtherName and a custom Oid=1.3.6.1.4.1.311.20.2.3 (it stands for User Principal Name (UPN)). So the result should look like: Subject Alternative Name section -> OtherName -> User Principal Name=user@domain

I am doing it like this:

Asn1EncodableVector vector = new Asn1EncodableVector
{
  new GeneralName(GeneralName.OtherName, 
                  new KeySpecificInfo(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.3"), new DerOctetString(GetBytes("user@domain"))))
};
DerSequence seq = new DerSequence(vector);
GeneralNames subjectAltName = GeneralNames.GetInstance(seq);
// Adding extension to X509V3CertificateGenerator
certGen.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);

And after it I receive a strange serialized result in the SubjectAlternativeName section of the created certificate. It is obvious that adding the OtherName section is wrong, but I could not find any information about adding a custom OID with BouncyCastle. Any ideas?

Upvotes: 1

Views: 3793

Answers (2)

Paulo Pires

Reputation: 31

Found the answer here. It's Java but the code is practically the same for C#.

Here is my version in C#.

using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.X509;

string siteName = "user@domain"; // the UPN value to embed

// OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY }
Asn1EncodableVector otherName = new Asn1EncodableVector();
otherName.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.3"));
// The UPN value is a UTF8String inside an explicit [0] tag (GeneralName.OtherName is the constant 0)
otherName.Add(new DerTaggedObject(true, GeneralName.OtherName, new DerUtf8String(siteName)));
// GeneralName.otherName is [0] IMPLICIT OtherName, hence the implicit (false) tag on the SEQUENCE
Asn1Object upn = new DerTaggedObject(false, 0, new DerSequence(otherName));
Asn1EncodableVector generalNames = new Asn1EncodableVector();
generalNames.Add(upn);

// Adding extension to X509V3CertificateGenerator
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, new DerSequence(generalNames));

Upvotes: 1
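As an added check that is not part of either answer, the Python below builds the same DER structure the C# above produces (GeneralNames containing an otherName tagged [0] IMPLICIT, with type-id 1.3.6.1.4.1.311.20.2.3 and a [0] EXPLICIT UTF8String value) and parses it back, so the bytes a generator actually emitted can be compared against what a UPN SAN should look like without needing BouncyCastle. The sample UPN user@domain comes from the question; the helper names are my own.

```python
UPN_OID = "1.3.6.1.4.1.311.20.2.3"  # Microsoft szOID_NT_PRINCIPAL_NAME

def tlv(tag, content):
    n = len(content)  # DER length: short form below 128, else 0x80|k followed by k bytes
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]            # first two arcs share one byte
    for arc in arcs[2:]:
        chunk, arc = [arc & 0x7F], arc >> 7   # base-128, high bit set on all but the last byte
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def upn_san(upn):
    # OtherName ::= SEQUENCE { type-id OID, value [0] EXPLICIT UTF8String }
    other_name = encode_oid(UPN_OID) + tlv(0xA0, tlv(0x0C, upn.encode("utf-8")))
    # GeneralName.otherName is [0] IMPLICIT, so 0xA0 replaces the SEQUENCE tag 0x30
    general_name = tlv(0xA0, other_name)
    return tlv(0x30, general_name)            # GeneralNames ::= SEQUENCE OF GeneralName

def _read_tlv(buf, pos):
    # Returns (tag, content, position after this TLV); handles long-form lengths
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def upns_from_san(san):
    # Walk a SubjectAltName value and return every UPN carried in an otherName entry
    tag, names, _ = _read_tlv(san, 0)
    if tag != 0x30:
        raise ValueError("SubjectAltName must be a SEQUENCE")
    found, pos, oid = [], 0, encode_oid(UPN_OID)
    while pos < len(names):
        tag, content, pos = _read_tlv(names, pos)
        if tag != 0xA0 or not content.startswith(oid):
            continue                          # not an otherName, or a different type-id
        _, wrapper, _ = _read_tlv(content, len(oid))   # the [0] EXPLICIT wrapper
        vtag, value, _ = _read_tlv(wrapper, 0)
        if vtag == 0x0C:                      # UTF8String, as the UPN definition requires
            found.append(value.decode("utf-8"))
    return found
```

Running upn_san("user@domain").hex() gives the extension value to look for in a dump of the generated certificate; other name forms (dNSName, iPAddress) in the same SAN are skipped by upns_from_san.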

Mumbles76

Reputation: 161

This is also for a C# BouncyCastle cert:

//Subject Alternative Name
if (!String.IsNullOrEmpty(_subjectAlternativeName)) {
    //Here we signify an IP address instead of a DNS SAN. This could be made conditional upon further development.
    GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.IPAddress, _subjectAlternativeName));
    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
}

Upvotes: 0
