Setup guide

Usage

Chapter 5 Extension Joiner Tool 47

3. Verify that the extensions are joined correctly before adding them to a

certificate request. To do this, first you’ll need to convert the binary data to

ASCII format using the

AtoB utility and then verify th e bi nary data by

dumping the contents of the base-64 encoded blob using the

dumpasn1 utility.

For information on the

AtoB utility see, Chapter 7, “ASCII to Binary Tool” and

for the

dumpasn1 utility see, Tabl e 1-1 on page 13.

Here’s how you woul d do this verification:

a. Go to this directory: <server_root>/bin/cert/tools

b. Enter this command: AtoB <input_file> <output_file>, substituting

<input_file> with the path to the file that contains the base-64 encoded

data in ASCII format (from Step 2) and

<output_file> with the path to

the file to write the base-64 encoded data in bina ry format.

c. Next, enter this command: dumpasn1 <ouput_file>, substituting

<output_file> with the path to the file to that contains the base-64

encoded data in binary format. Your output should look similar to this:

0 30 76: SEQUENCE {

2 30 46: SEQUENCE {

4 06 3: OBJECT IDENTIFIER extKeyUsage (2 5 29 37)

9 01 1: BOOLEAN TRUE

12 04 36: OCTET STRING

: 302206052A83450403060A5182E44283

: 3393DE5F3506062D825722CD09060551

: 38816A4A

50 30 26: SEQUENCE {

52 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)

57 04 19: OCTET STRING

: 3011A40F300D310B3009060355040613

: 025553

0 warnings, 0 errors.

d. If the output doesn’t appear right, repeat steps 1 through 3 to get the

correct output.

4. Copy the base-64 encoded blob in step 2 (the output generated by the

ExtJoiner) to the CMS wizard screen and generate the certificate or the

certificate signing request (CSR), if submitting the request to another CA.