0
votes

I have been trying to make a certificate for Network-Map using openssl with the following configuration:

[v3_nonca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage=serverAuth,clientAuth,anyExtendedKeyUsage
subjectKeyIdentifier = hash

It makes a certificate almost identical to the certificate self-generated by the network map service, with the difference that it doesn't have the custom X.509v3 extension that specifies the role the certificate relates to. This extension has the OID 1.3.6.1.4.1.50530.1.1 and is non-critical, as mentioned in the document https://docs.corda.net/permissioning.html.

I need help modifying the openssl configuration file so that it has the required custom X.509v3 extension with OID 1.3.6.1.4.1.50530.1.1.

2
I was able to perform it using 1.3.6.1.4.1.50530.1.1 = ASN1:INTEGER: – Juhi Gupta

2 Answers

1
votes

The openssl conf takes the format of:

name=value

The x509 format uses the "OID" as the "name" part of the name=value above. Most of the "names" you see in the conf files are actually aliases for OID values as preconfigured in openssl source code. You can add your own aliases. Or you could just use the OID as the name.

e.g. 1.3.6.1.4.1.50530.1.1=value

The "value" part can be a little tricky as it depends on what value type is required. Since this isn't one of the inbuilt OIDs, you need to say what the ASN1 value format is, as defined here.

e.g. an octet string value would be: 1.3.6.1.4.1.50530.1.1=ASN1:OCT:test value

0
votes

I was able to perform it using 1.3.6.1.4.1.50530.1.1 = ASN1:INTEGER:
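
Both answers rely on OpenSSL's arbitrary-extension syntax. The following is an added example (not code from the question or from either answer) that puts such a line into the question's [v3_nonca] section, issues a certificate from a throwaway CA, and reads the extension back with asn1parse. The function names, subject names and the role value 99 are constructed for illustration; the real role number has to come from the Corda document linked in the question.

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI.
ROLE_OID=1.3.6.1.4.1.50530.1.1   # OID quoted in the question

# make_role_cert ROLE DIR: issue DIR/leaf.pem from a throwaway CA, with the
# role extension set to the integer ROLE (names here are hypothetical).
make_role_cert() {
    role=$1 dir=$2
    cat > "$dir/ext.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Network Map
[v3_nonca]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = serverAuth,clientAuth,anyExtendedKeyUsage
subjectKeyIdentifier = hash
# Arbitrary extension: the OID is the name, then "ASN1:" plus type and value.
# There is no "critical," prefix, so the extension is non-critical.
$ROLE_OID = ASN1:INTEGER:$role
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/ext.cnf" \
        -subj "/CN=Example Throwaway CA" -keyout "$dir/ca.key" \
        -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ext.cnf" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/ext.cnf" -extensions v3_nonca \
        -out "$dir/leaf.pem" 2>/dev/null
}

# role_ext_der CERT: print the extension's DER value in hex, prefixed with
# "critical " if the critical flag is set; print nothing if it is absent.
role_ext_der() {
    openssl asn1parse -in "$1" | awk -v oid=":$ROLE_OID" '
        found && /BOOLEAN/      { crit = "critical "; next }
        found && /OCTET STRING/ { sub(/.*\[HEX DUMP\]:/, ""); print crit $0; exit }
        index($0, oid)          { found = 1 }'
}

# 99 is a constructed sample value, not a real Corda role number.
# Prints 020163 (DER INTEGER: tag 02, length 01, value 0x63).
dir=$(mktemp -d) && make_role_cert 99 "$dir" && role_ext_der "$dir/leaf.pem"
```

An empty result from role_ext_der means the extension did not make it into the certificate, which is the symptom described in the question.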