It is useful to be able to add additional items into the CSR so that additional use can be made of the certificate and key. A use case would involve adding a subject alternative name (DNS name and IP address) and extended key usage (TLS server).
This topic is to consider any additional CSR configuration that might be useful, along with options as to how best to realize this enhanced capability.
Some possible implementation options:
1) Extend the existing approach and possibly expand the CSR interface with a struct parameter that can grow in the future
2) Call OpenSSL (openssl req -config ...) allowing a specific configuration file to be used allowing some settings of the command line
There are some example scripts that use OpenSSL to generate certificates for the unit tests that demonstrate how OpenSSL configuration could be used: example. CSRs could use similar approaches.
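Option 2 above, sketched as an added example (not code from this project): shell functions that write an OpenSSL request configuration asking for a DNS and IP subject alternative name plus the TLS server extended key usage, generate the CSR from it, and check what the CSR actually contains. The names example.test and 192.0.2.10, the file paths and the function names are constructed placeholders.

```shell
#!/bin/sh
# Added example. Usage:
#   write_csr_config csr.cnf example.test 192.0.2.10
#   make_csr csr.cnf server.key server.csr
#   csr_has_extensions server.csr example.test 192.0.2.10 && echo "CSR ok"

# Write an OpenSSL request config that puts SAN and EKU into the CSR.
# $1 = output path, $2 = DNS name, $3 = IP address
write_csr_config() {
    cat > "$1" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $2

[ v3_req ]
subjectAltName   = @alt_names
extendedKeyUsage = serverAuth

[ alt_names ]
DNS.1 = $2
IP.1  = $3
EOF
}

# Generate a fresh unencrypted RSA key and a CSR using the config.
# $1 = config path, $2 = key output path, $3 = CSR output path
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$1" -keyout "$2" -out "$3" 2>/dev/null
}

# Return 0 only if the CSR requests the given DNS SAN, the IP SAN
# and the TLS server extended key usage.
# $1 = CSR path, $2 = DNS name, $3 = IP address
csr_has_extensions() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q "DNS:$2" &&
    printf '%s\n' "$text" | grep -q "IP Address:$3" &&
    printf '%s\n' "$text" | grep -q "TLS Web Server Authentication"
}
```

A CSR only requests these extensions; the signing CA decides whether to copy them into the issued certificate, so the same check is worth repeating on the certificate that comes back.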