Chapter 19. GenIssuerAltNameExt (Adding the Issuer Name Extention to a Request)

The GenIssuerAltNameExt creates a base-64 encoded blob that adds the issuer name extensions, IssuerAltNameExt (OID 2.5.29.18), to the new certificate. This blob is pasted into the certificate approval page when the certificate is created.

19.1. Syntax

The GenIssuerAltNameExt tool uses parameter pairs where the first parameter specifies the general type of name attribute which is used for the issuer and the second parameter gives that name in that format. The tool has the following syntax:

GenIssuerAltNameExt general_type# ... general_name# ...

Parameter Description
general_type Sets the type of name. It can be one of the following strings:
  • RFC822Name
  • DNSName
  • EDIPartyName
  • URIName
  • IPAddressName
  • OIDName
  • X500Name
general_name A string, conforming to the name type, that gives the name of the issuer.
  • For RFC822Name, the value must be a valid Internet mail address. For example, testCA@example.com.
  • For DNSName, the value must be a valid fully-qualified domain name. For example, testCA.example.com.
  • For EDIPartyName, the value must be an IA5String. For example, Example Corporation.
  • For URIName, the value must be a non-relative URI following the URL syntax and encoding rules. The name must include both a scheme, such as http, and a fully qualified domain name or IP address of the host. For example, http://testCA.example.com.
  • For IPAddressName, the value must be a valid IP address. An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, 128.21.39.40 or 128.21.39.40,255.255.255.00. An IPv6 address uses a 128-bit namespace, with the IPv6 address separated by colons and the netmask separated by periods. For example, 0:0:0:0:0:0:13.1.68.3, FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.0, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.
  • For OIDName, the value must be a unique, valid OID specified in dot-separated numeric component notation. For example, 1.2.3.4.55.6.5.99.
  • For X500Name, the value must be a string form of X.500 name, similar to the subject name in a certificate. For example, cn=SubCA, ou=Research Dept, o=Example Corporation, c=US.