21.1. Syntax

The GenSubjAltNameExt tool uses parameter pairs where the first parameter specifies the type of name format, and the second parameter gives that name in the specified format.

This tool has the following syntax:

GenSubjectAltNameExt general_type0 general_name0 ... general_typeN general_nameN

Parameter Description

Parameter	Description
general_type	Sets the type of name that is used. This can be any of the following strings: `RFC822Name` `DirectoryName` `DNSName` `EDIPartyName` `URIName` `IPAddress` `OIDName` `OtherName`
general_name	A string, conforming to the specified format, of the subject name. For `RFC822Name`, the value must be a valid Internet mail address. For example, `testCA@example.com`. For `DirectoryName`, the value must be a string form of X.500 name, similar to the subject name in a certificate. For example, `cn=SubCA, ou=Research Dept, o=Example Corporation, c=US`. For `DNSName`, the value must be a valid fully-qualified domain name. For example, `testCA.example.com`. For `EDIPartyName`, the value must be an IA5String. For example, `Example Corporation`. For `URIName`, the value must be a non-relative URI following the URL syntax and encoding rules. The name must include both a scheme, such as `http`, and a fully qualified domain name or IP address of the host. For example, `http://testCA.example.com`. For `IPAddress`, the value must be a valid IP address. An IPv4 address must be in the format `n.n.n.n` or `n.n.n.n,m.m.m.m`. For example, `128.21.39.40` or `128.21.39.40,255.255.255.00`. An IPv 6 address with netmask is separated by a comma. For example, `0:0:0:0:0:0:13.1.68.3`, `FF01::43`, `0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.0`, and `FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000`. For `OIDName`, the value must be a unique, valid OID specified in dot-separated numeric component notation. For example, `1.2.3.4.55.6.5.99`. `OtherName` is used for names with any other format; this supports `PrintableString`, `IA5String`, `UTF8String`, `BMPString`, `Any`, and `KerberosName`. `PrintableString`, `IA5String`, `UTF8String`, `BMPString`, and `Any` set a string to a base-64 encoded file specifying the subtree, such as `/var/lib/rhpki-ca/othername.txt`. `KerberosName` has the format Realm\|NameType\|NameStrings, such as `realm1\|0\|userID1,userID2`.

general_type

Sets the type of name that is used. This can be any of the following strings:

RFC822Name
DirectoryName
DNSName
EDIPartyName
URIName
IPAddress
OIDName
OtherName

general_name

A string, conforming to the specified format, of the subject name.

For RFC822Name, the value must be a valid Internet mail address. For example, testCA@example.com.
For DirectoryName, the value must be a string form of X.500 name, similar to the subject name in a certificate. For example, cn=SubCA, ou=Research Dept, o=Example Corporation, c=US.
For DNSName, the value must be a valid fully-qualified domain name. For example, testCA.example.com.
For EDIPartyName, the value must be an IA5String. For example, Example Corporation.
For URIName, the value must be a non-relative URI following the URL syntax and encoding rules. The name must include both a scheme, such as http, and a fully qualified domain name or IP address of the host. For example, http://testCA.example.com.
For IPAddress, the value must be a valid IP address. An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, 128.21.39.40 or 128.21.39.40,255.255.255.00. An IPv 6 address with netmask is separated by a comma. For example, 0:0:0:0:0:0:13.1.68.3, FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.0, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.
For OIDName, the value must be a unique, valid OID specified in dot-separated numeric component notation. For example, 1.2.3.4.55.6.5.99.
OtherName is used for names with any other format; this supports PrintableString, IA5String, UTF8String, BMPString, Any, and KerberosName. PrintableString, IA5String, UTF8String, BMPString, and Any set a string to a base-64 encoded file specifying the subtree, such as /var/lib/rhpki-ca/othername.txt. KerberosName has the format Realm|NameType|NameStrings, such as realm1|0|userID1,userID2.

Table 21.1.