Hello all -- I have worked on updating the TinyCA2 source code to include SHA-256 capability (default of the current version is SHA-1 but I think it's time the world moves forward a bit). The changes to the source code I have submitted in an email back to the original maintainer (not the MacPorts maintainer -- I want the code to first be made available on the source web site and then we can modify the MacPorts port for TinyCA2).

In the meantime, I'm educating myself about OpenSSL and creating a Certificate Authority (such as for self-signed CA) in the PKI context. I have been reading the RFC 3280 about PKI and X.509 ... there are some values that can be entered (using TinyCA2 for example) that are passed to OpenSSL on the command line for certain data structures that are used for creating certificates. For example the X.509 extension:

4.2.1.8 Issuer Alternative Names
As with 4.2.1.7, this extension is used to associate Internet style identities with the certificate issuer. Issuer alternative names MUST be encoded as in 4.2.1.7.
Where present, this extension SHOULD NOT be marked critical.
id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
IssuerAltName ::= GeneralNames
TinyCA2, when it is first run, fills in some default values, for example for the Issuer Alternative Names extension, these values: issuer:copy
I've been poring through the RFC and have not been able to find a source of information as to what value space there is for example for the "issuer" as in the text "copy". Is anyone here well versed enough on this topic to know where this information (the value space) is more defined? Thank you for any suggestions.

Cheers,
Tabitha
Tabitha McNerney
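
An added example, not part of the original message: `issuer:copy` is OpenSSL configuration syntax (described in OpenSSL's x509v3_config documentation) rather than a value defined by RFC 3280, and this script shows what it produces when a CA signs a certificate with SHA-256. All names in it (Demo Root CA, the example.org addresses, the file names) are constructed for the demo.

```shell
#!/bin/sh
# Added demo; every name below (Demo Root CA, example.org hosts) is constructed.
issuer_copy_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt             = no

[dn]
CN = Demo Root CA

[ca_ext]
basicConstraints = critical,CA:TRUE
subjectAltName   = email:ca@example.org,URI:http://ca.example.org/

[leaf_ext]
basicConstraints = CA:FALSE
subjectAltName   = DNS:leaf.example.org
# issuer:copy is OpenSSL configuration syntax, not an RFC 3280 value: it
# copies the signing certificate's subjectAltName into issuerAltName.
issuerAltName    = issuer:copy
EOF
    # Self-signed CA carrying its own subjectAltName, signed with SHA-256.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$d/demo.cnf" -extensions ca_ext \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Leaf key and CSR; -subj overrides the CN from the [dn] section.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=leaf.example.org" \
        -config "$d/demo.cnf" -keyout "$d/leaf.key" -out "$d/leaf.csr" \
        2>/dev/null || return 1
    # Sign the CSR with the CA, applying the [leaf_ext] section.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 2 -days 30 -sha256 \
        -extfile "$d/demo.cnf" -extensions leaf_ext \
        -out "$d/leaf.pem" 2>/dev/null || return 1
    # Print the line that follows the Issuer Alternative Name header.
    openssl x509 -in "$d/leaf.pem" -noout -text |
        awk '/Issuer Alternative Name/ { getline; sub(/^ +/, ""); print }'
    rm -rf "$d"
}

issuer_copy_demo
```

The printed line lists the CA's own e-mail and URI entries, not the leaf's DNS name, because the issuer alternative name is filled from the signing certificate's subject alternative name.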