Certificate 在具有Bouncycastle的Subject Alternative Name中使用自定义Oid
我正在使用BouncyCastle生成证书。一切正常,直到我尝试添加一个具有GeneralName.OtherName自定义Oid=1.3.6.1.4.1.311.20.2.3(它代表用户主体名称(UPN))的主题替代名称扩展。所以结果应该是这样的: 主题替代名称部分->其他名称->用户主体名称=user@domain 我是这样做的:Certificate 在具有Bouncycastle的Subject Alternative Name中使用自定义Oid,certificate,x509certificate,bouncycastle,Certificate,X509certificate,Bouncycastle,我正在使用BouncyCastle生成证书。一切正常,直到我尝试添加一个具有GeneralName.OtherName自定义Oid=1.3.6.1.4.1.311.20.2.3(它代表用户主体名称(UPN))的主题替代名称扩展。所以结果应该是这样的: 主题替代名称部分->其他名称->用户主体名称=user@domain 我是这样做的: Asn1EncodableVector vector = new Asn1EncodableVector { new GeneralName(GeneralN
Asn1EncodableVector vector = new Asn1EncodableVector
{
new GeneralName(GeneralName.OtherName,
new KeySpecificInfo(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.3"), new DerOctetString(GetBytes("user@domain"))))
}
DerSequence seq = new DerSequence(vector);
GeneralNames subjectAltName = GeneralNames.GetInstance(seq);
// Adding extension to X509V3CertificateGenerator
certGen.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
//Subject Alternative Name
if (! (String.IsNullOrEmpty(_subjectAlternativeName))) {
//Here we signify ip address instead of DNS SAN. This could be condition upon further development.
GeneralNames subjectAltName = new GeneralNames(new GeneralName(GeneralName.IPAddress, _subjectAlternativeName));
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
}
Asn1EncodableVector otherName = new Asn1EncodableVector();
otherName.Add(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.3"));
otherName.Add(new DerTaggedObject(true, GeneralName.OtherName, new DerUtf8String(siteName)));
Asn1Object upn = new DerTaggedObject(false, 0, new DerSequence(otherName));
Asn1EncodableVector generalNames = new Asn1EncodableVector();
generalNames.Add(upn);
// Adding extension to X509V3CertificateGenerator
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, new DerSequence(generalNames));