OpenSSL always shows "unsupported" for all subjectAltName "otherName" UTF8 values

certificate ssl openssl

Solution 1:

FYI, you will have to locate the "OCTET STRING" line just below the "OBJECT :X509v3 Subject Alternative Name" line then strparse:

# print section offset via
openssl asn1parse -in yourcert.pem
# parse otherName from "OCTET STRING" 
openssl asn1parse -in yourcert.pem -strparse <offset>

Solution 2:

Probably still unsupported. Try asn1parse.

The <unsupported> output was the regular result in 2010. My guess: this is still the case.

An OpenSSL dev said this on the mailing list (Archived here.):

Steven Hensen, 2010-01-02:

Currently OpenSSL doesn't display any otherName values. It can't know the precise meaning of that field in general because the format could be totally arbitrary. At best it could asn1parse the contents.

And if you use openssl asn1parse on the file to find the offset of the :X509v3 Subject Alternative Name section and then use the -strparse option with that offset, then otherName will in fact be displayed.

Related

new DNS zone with Forward to external DNS
How do I generate an IAM policy for making snapshots?
Remount root RW without reboot
How do I access a google cloud storage bucket using a service account from the command line?
Packet captures: filtering on RX vs TX
Unable to map a network drive from a Windows NT PC, to a Windows 2000 PC
Possible to authenticate Samba via Kerberos but without domain-join?
tail -f not following log file in Docker container
Windows 2012 RDS Server asking for Licensing Mode when it's already set?
In OpenVPN, what's the risk of omitting the key-direction when using tls-auth?
How to mount dd image of digital ocean?
AWS RDS db.t2 instance performance thresholds & monitoring