EJBCA Custom OID DN and altName oids Rumi, April 16, 2012 EJBCA supports custom (your own) OIDs in DN components. In order to add such a DN you can simply call the DN for example: CN=MyCommonName,1.1.1.1=MyCustomOid,C=SE Where 1.1.1.1 is your custom OID. Custom OIDs are always encoded as UTF8String in the DN. To get support for custom OIDs in the Admin GUI you must edit the file src/java/profilemappings.properties and add your new OID in the end. Just follow the example in the file, and you will get the possibility to add you oid in the End Entity Profile, and following that also when adding new users. If you edit profilemappings.properties, you should also add an entry in src/adminweb/languages/languagefile.XX.properties (where XX is you language). Otherwise your new field will be displayed as the key that you entered (which is probably ok also) in the admin-GUI. The new field you must add in the language file is the last field in profilemappings.properties, i.e. the LanguageConstant. EJBCA will by default put unknown OIDs in the end so the DN will probably be displayed as: CN=MyCommonName,C=SE,1.1.1.1=MyCustomOid (if looking at the asn1 coding, different application display in a different order regardless of the asn1 coding). If you need a particular order of DN components, you can add a file 'dncomponents.properties' in the directory ejbca/src/java. There is a file called dncomponents.properties.sample in the distribution as a starting point (it shows the default ordering in EJBCA). You custom oid must be placed in the right place in that file, and all components from the sample file should be included, or you will get strange behaviour. Using the dncomponents.properties file is only needed if you need to control the ASN.1 ordering of DN elements. After updating dncomponents.properties you need to run 'ant clean' before re-deploying EJBCA. A word of caution: If you use custom OIDs, they better not become standard ones later on, because if the underlying ASN.1 library in EJBCA starts to know the OIDs as standard ones, things will be renamed in the database and you will have to do a database migration. Also you must keep track of dncomponents.properties when upgrading EJBCA. Stick to the standard is my advice! Having all these customizations off-course requires some maintenance on your part, so don't forget your customizations when upgrading EJBCA to a new version. Check RELEASE_NOTES for important changes! altNames Adding custom OIDs in altNames works the same way as for DN. When a custom OID is used the altName string in the database will be for example "rfc822Name=foo@bar.com, 1.1.1.1=foobar". A Custom OID is always added as OtherName using a simple UTF8String. See RFC3280 for definition of the OtherName altName. The OtherName consists of: The custom oid An UTF8String with the value PKI EJBCA
Hi I could add a new OID in DN, however in ALTName was not possible: DN;2.16.76.1.3.1;103;2.16.76.1.3.1;103;beta;beta The line above works! ALTNAME;2.16.76.1.3.1;103;2.16.76.1.3.1;103;beta;beta The line above doesn´t work! Could you add a OID in SAN? Thanks in advance!
Hi Victor, Did you already solve your problem? I also have the same problem here. please tell me your solution if you already solved it Thanks