iPlanet Certificate Management System Command-Line Tools Guide



Chapter 5   Extension Joiner Tool


iPlanet Certificate Management Server (CMS) provides many policy plug-in modules that enable you to add standard and custom X.509 certificate extensions to the end-entity certificates the server issues. Similarly, the wizard that helps you generate the certificates required by the Certificate Manager, Registration Manager, and Data Recovery Manager enables you to select extensions that you want to include in the certificates. Additionally, the wizard interface and the request-approval page of the Agent interface contain a text area, enabling you to paste any extension in its MIME-64 encoded format.

Certificate Management System also provides tools that generate MIME-64 encoded blobs for many standard extensions. You can use these tools for generating MIME-64 encoded blobs for any extensions that you may want to include in CA and other certificate requests. The tools are located with the rest of the command-line utilities in this directory: <server_root>/bin/cert/tools

The text field provided for pasting the extension generally accepts a single extension blob. If you want to add multiple extensions, you should first join them to form a single extension blob and then paste the blob into the text field.

The ExtJoiner is a program that joins a sequence of extensions together so that the final output can be used in the wizard text field or in the request-approval page of the Agent interface for specifying multiple extensions.

This chapter has the following sections: Location, Syntax, and Usage.



Location

The ExtJoiner program is located with the rest of the command-line tools in this directory: <server_root>/bin/cert/tools



Syntax



To run the ExtJoiner tool, type the following command:

java ExtJoiner <ext_file0> <ext_file1> ... <ext_fileN>

where each <ext_file> specifies the path, including the filename, to a file that contains the base-64 encoded DER encoding of an X.509 extension.



Usage



As discussed in the introduction of this chapter, the ExtJoiner program doesn't generate an extension in its MIME-64 encoded format; it only joins extensions that are already in MIME-64 encoded format. The steps below outline how you can use the ExtJoiner to join multiple custom extensions and add the extensions to a certificate request.

  1. Write the appropriate Java programs for the extensions.

  2. Join the extensions using ExtJoiner. To do this:

    1. Note the file paths to the files that contain the programs for extensions.

    2. Open a command window.

    3. Run the ExtJoiner, substituting the appropriate file paths. For example, if you have two extension files named myExt1 and myExt2 and have copied them to the same directory as the ExtJoiner, the command would look like this:

      java ExtJoiner myExt1 myExt2

      You should see a base-64 encoded blob of the joined extensions on screen, similar to the one below:

      MEwwLgYDVR0lAQHBCQwIgYFKoNFBAMGClGC5EKDM5PeXzUGBi2CVyLNCQYFU
      iBakowGgYDVR0SBBMwEaQPMA0xCzAJBgNVBAYTAlVT

    4. Copy the encoded blob, without any modifications, to a file.

  3. Verify that the extensions are joined correctly before adding them to a certificate request. To do this, first convert the base-64 encoded ASCII data to binary format using the AtoB utility, and then verify the binary data by dumping its contents using the dumpasn1 utility. For information on the AtoB utility, see Chapter 7 "ASCII to Binary Tool"; for the dumpasn1 utility, see Table 1-1.

    Here's how you would do this verification:

    1. Go to this directory: <server_root>/bin/cert/tools

    2. Enter this command: AtoB <input_file> <output_file>, substituting <input_file> with the path to the file that contains the base-64 encoded data in ASCII format (from Step 2) and <output_file> with the path to the file to write the base-64 encoded data in binary format.

    3. Next, enter this command: dumpasn1 <output_file>, substituting <output_file> with the path to the file that contains the base-64 encoded data in binary format. Your output should look similar to this:

             0 30 76: SEQUENCE {
             2 30 46:   SEQUENCE {
             4 06  3:     OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
             9 01  1:     BOOLEAN TRUE
            12 04 36:     OCTET STRING
                    :       30 22 06 05 2A 83 45 04 03 06 0A 51 82 E4 42 83
                    :       33 93 DE 5F 35 06 06 2D 82 57 22 CD 09 06 05 51
                    :       38 81 6A 4A
                    :     }
            50 30 26:   SEQUENCE {
            52 06  3:     OBJECT IDENTIFIER issuerAltName (2 5 29 18)
            57 04 19:     OCTET STRING
                    :       30 11 A4 0F 30 0D 31 0B 30 09 06 03 55 04 06 13
                    :       02 55 53
                    :     }
                    :   }

      0 warnings, 0 errors.

    4. If the output doesn't appear right, repeat steps 1 through 3 to get the correct output.

  4. Copy the base-64 encoded blob in step 2 (the output generated by the ExtJoiner) to the CMS wizard screen and generate the certificate or, if submitting the request to another CA, the certificate signing request (CSR).
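The check in step 3 can also be scripted. The Python below is an added example, not part of the CMS tools or of the original guide: join_extensions assumes that ExtJoiner wraps the DER-encoded extensions in one outer SEQUENCE (the structure the dumpasn1 listing shows), and list_extensions decodes a joined blob and rejects anything that is not a SEQUENCE of well-formed extensions. All function names are hypothetical, and the sample bytes are rebuilt from the dumpasn1 listing above.

```python
import base64

def read_tlv(buf, pos):  # parse one DER TLV at pos; return (tag, value, next_pos)
    tag, length = buf[pos:pos + 2]  # unpacking raises ValueError if the header is truncated
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def oid_text(v):  # decode OBJECT IDENTIFIER content octets to dotted form
    arcs, acc = [], 0
    for b in v:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def join_extensions(b64_exts):  # assumed ExtJoiner behaviour: one SEQUENCE around all
    body = b"".join(base64.b64decode(e) for e in b64_exts)
    n, k = len(body), (len(body).bit_length() + 7) // 8
    size = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return base64.b64encode(b"\x30" + size + body).decode()

def list_extensions(b64_blob):  # return [(oid, critical, value_len)] or raise ValueError
    der = base64.b64decode(b64_blob)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one outer SEQUENCE")
    found, pos = [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        t, oid, p = read_tlv(ext, 0)
        t2, val, p = read_tlv(ext, p)
        critical = t2 == 0x01 and val != b"\x00"  # an absent BOOLEAN means FALSE
        if t2 == 0x01:
            t2, val, p = read_tlv(ext, p)
        if (tag, t, t2) != (0x30, 0x06, 0x04) or p != len(ext) or not oid or oid[-1] & 0x80:
            raise ValueError("not SEQUENCE { OID, [BOOLEAN], OCTET STRING }")
        found.append((oid_text(oid), critical, len(val)))
    return found

# Sample input: hex of each DER extension, rebuilt from the dumpasn1 listing on this page.
SAMPLE = [base64.b64encode(bytes.fromhex(h)).decode() for h in (
    "302E0603551D250101FF0424" "302206052A83450403060A5182E44283"
    "3393DE5F3506062D825722CD09060551" "38816A4A",
    "301A0603551D120413" "3011A40F300D310B3009060355040613" "025553")]
```

Calling list_extensions(join_extensions(SAMPLE)) returns the two OIDs, criticality flags and value lengths that the listing shows; a blob that was truncated or altered while being copied raises ValueError instead.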


Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated October 07, 2002