Encoding a custom extension so Windows recognizes it

May 7, 2015 at 11:27 AM

I have successfully encoded and added a custom extension to requests, which then show flagged as the OID is named in Active Directory. E.g.

certutil -f -oid "Some Extension" 1033

I then encode the extension as a DER string and add it to the pending request. After issuing the certificate, the extension is shown as hex.

Some Extension 6b 00 03 04 03 ...

Is there a way to display it in a more readable way? I am adding an email-address btw. If I click on the field, the value is encoded / displayed with dots between each character.

Nothing serious, but maybe someone knows :)


May 7, 2015 at 1:07 PM

No, because CryptoAPI has no definition for custom extensions, so it displays their value as a hex dump.

Marked as answer by Camelot on 11/8/2015 at 11:01 PM


May 7, 2015 at 1:12 PM

Thanks Camelot, much appreciated. Then that's the way I will go :)
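
Added example, not part of the thread and not code from any of its participants: because the certificate viewer shows a custom extension only as a hex dump, the dump can be pasted into a small decoder to read the value. This Python code assumes the extension value is a single DER string TLV (UTF8String, PrintableString, IA5String or BMPString); the function names and the sample dumps are constructed for illustration and are not the bytes from the question.

```python
# Added example: decode one DER string TLV from a certificate-viewer hex dump.
# Tag -> (ASN.1 type name, Python codec). BMPString is two bytes per character.
STRING_TAGS = {
    0x0C: ("UTF8String", "utf-8"),
    0x13: ("PrintableString", "ascii"),
    0x16: ("IA5String", "ascii"),
    0x1E: ("BMPString", "utf-16-be"),
}

def read_tlv(data, offset=0):
    """Return (tag, value_bytes, next_offset) for the DER TLV at offset."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, first = data[offset], data[offset + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("high-tag-number form not supported")
    pos = offset + 2
    if first < 0x80:                       # short form: length in one byte
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(data):
            raise ValueError("indefinite, oversized or truncated length")
        length = int.from_bytes(data[pos:pos + n], "big")
        if length < 0x80 or data[pos] == 0:
            raise ValueError("non-minimal length is not valid DER")
        pos += n
    if pos + length > len(data):
        raise ValueError("value runs past end of data")
    return tag, data[pos:pos + length], pos + length

def decode_extension_string(hex_dump):
    """Decode a space-separated hex dump; return (type_name, text)."""
    data = bytes.fromhex(hex_dump)         # whitespace between bytes is ignored
    tag, value, end = read_tlv(data)
    if end != len(data):
        raise ValueError("trailing bytes after the TLV")
    if tag not in STRING_TAGS:
        raise ValueError(f"tag 0x{tag:02x} is not a supported string type")
    name, codec = STRING_TAGS[tag]
    return name, value.decode(codec)

# Constructed samples (not the values from the thread).
IA5_SAMPLE = "16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 63 6f 6d"
BMP_SAMPLE = "1e 08 00 61 00 40 00 62 00 2e"

if __name__ == "__main__":
    for dump in (IA5_SAMPLE, BMP_SAMPLE):
        print(decode_extension_string(dump))
```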