000025791 - How to create FASC-N value in subjectAltName using RSA Certificate Manager API

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025791
Applies ToRSA Certificate Manager 6.6 API
Microsoft Windows Server 2003 SP1
IssueHow to create FASC-N value in subjectAltName using RSA Certificate Manager API
Does not encode FASC-N value with OID (2.16.840. 1.101.3.6.6) in SubjectAltName as an <OtherName> name containing the octet string
RSA Certificate Manager API must be able to encode the FASC-N value in the subjectAltName as an otherName value containing an Octet String; it currently only "knows" that an otherName should be an Octet String based on a hard-coded list of OIDs. At a bare minimum, the FASC-N OID must be added to this list. The result should be something like the following example:

Subject Alternative Name

Other Name:

2.16.840.1.101.3.6.6=04 19 d2 32 10 d8 21 0c 2c 1a 84 30 85 a1 68 58 30 08 42 10 86 08 82 32 10 c3 e1

Further details can be found in Appendix D of FIPS 201 located at http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-v5.pdf
Resolution- RSA Certificate Manager 6.6 build 304 does not encode the FASC-N value as an octet string.

- RSA Certificate Manager 6.6 build 305 encodes the FASC-N value with OID (2.16.840.1.101.3.6.6) as an octet string.

Sample code has been provided with RSA Certificate Manager API 6.6 build 305 on how to add such an extension.

Contact RSA Security Customer Support to request RSA Certificate Manager API 6.6 build 305 and higher.
Legacy Article IDa31002

Attachments

    Outcomes