italia / spid-compliant-certificates

Solution to create self-signed certificates according to Avviso SPID n.29
MIT License

Add OID for Root CA and UserNotice #1

Closed damikael closed 3 years ago

damikael commented 3 years ago

Certificate must also contain:

psmiraglia commented 3 years ago

The final result for a public sector certificate should be something like this...

$ openssl x509 -in mycert/cert.pem -text
[...]
        X509v3 extensions:
            X509v3 Certificate Policies: 
                Policy: 1.3.76.16
                  User Notice:
                    Explicit Text: cert_SP_Pubblici
                Policy: 1.3.76.16.4.2.1
                  User Notice:
                    Explicit Text: Service provider SPID pubblico
[...]
$ openssl asn1parse -inform PEM -oid oids.conf -i -in mycert/cert.pem -strparse 841
    0:d=0  hl=2 l=  99 cons: SEQUENCE          
    2:d=1  hl=2 l=  39 cons:  SEQUENCE          
    4:d=2  hl=2 l=   3 prim:   OBJECT            :Agenzia per l'Italia Digitale
    9:d=2  hl=2 l=  32 cons:   SEQUENCE          
   11:d=3  hl=2 l=  30 cons:    SEQUENCE          
   13:d=4  hl=2 l=   8 prim:     OBJECT            :Policy Qualifier User Notice
   23:d=4  hl=2 l=  18 cons:     SEQUENCE          
   25:d=5  hl=2 l=  16 prim:      VISIBLESTRING     :cert_SP_Pubblici
   43:d=1  hl=2 l=  56 cons:  SEQUENCE          
   45:d=2  hl=2 l=   6 prim:   OBJECT            :spid-publicsector-SP
   53:d=2  hl=2 l=  46 cons:   SEQUENCE          
   55:d=3  hl=2 l=  44 cons:    SEQUENCE          
   57:d=4  hl=2 l=   8 prim:     OBJECT            :Policy Qualifier User Notice
   67:d=4  hl=2 l=  32 cons:     SEQUENCE          
   69:d=5  hl=2 l=  30 prim:      VISIBLESTRING     :Service provider SPID pubblico

Does it sound good?
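Added example (not part of the thread and not the project's own code): a stdlib-only check that a DER-encoded certificatePolicies extension value, the bytes that `-strparse` selects in the dump above, carries both policy OIDs with the User Notice texts shown. The helper names are hypothetical and `SAMPLE` is constructed from the values in that dump.

```python
EXPECTED = {  # policy OID -> explicitText, copied from the output above
    "1.3.76.16": "cert_SP_Pubblici",
    "1.3.76.16.4.2.1": "Service provider SPID pubblico",
}
ID_QT_UNOTICE = "1.3.6.1.5.5.7.2.2"  # printed as "Policy Qualifier User Notice"

def oid(dotted):  # DER content bytes; every arc used here is below 128
    arcs = [int(a) for a in dotted.split(".")]
    return bytes([arcs[0] * 40 + arcs[1]] + arcs[2:])

def tlv(tag, body):  # encode one element; short-form length suffices here
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def children(value):  # split constructed content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, length, pos = value[pos], value[pos + 1], pos + 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(value[pos:pos + n], "big"), pos + n
        if pos + length > len(value):
            raise ValueError("truncated DER")
        out.append((tag, value[pos:pos + length]))
        pos += length
    return out

def user_notices(ext_value):  # policy OID bytes -> explicitText
    found = {}
    for _, info in children(children(ext_value)[0][1]):
        (_, policy), *rest = children(info)
        for _, qual in (children(rest[0][1]) if rest else []):
            (_, qid), (_, notice) = children(qual)
            if qid == oid(ID_QT_UNOTICE):
                texts = [v for t, v in children(notice) if t in (0x0C, 0x1A)]
                found[policy] = texts[0].decode("utf-8") if texts else ""
    return found

def missing_policies(ext_value):  # expected OIDs absent or with wrong text
    got = user_notices(ext_value)
    return [o for o, text in EXPECTED.items() if got.get(oid(o)) != text]

def policy_info(dotted, text):  # one PolicyInformation, VisibleString text
    notice = tlv(0x30, tlv(0x1A, text.encode()))
    qualifier = tlv(0x30, tlv(0x06, oid(ID_QT_UNOTICE)) + notice)
    return tlv(0x30, tlv(0x06, oid(dotted)) + tlv(0x30, qualifier))

# Constructed sample: the 101-byte extension value the asn1parse dump describes.
SAMPLE = tlv(0x30, b"".join(policy_info(o, t) for o, t in EXPECTED.items()))
```

`missing_policies(SAMPLE)` returns an empty list; a value lacking one policy, or carrying a different explicit text, returns the affected OIDs.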