Mbed TLS is now part of TrustedFirmware.org.

How to add Extensions of Subject Alternative Name to a certificate?


May 19, 2017 05:17
reminder

We try to add the Extensions of Subject Alternative Name and Extended Key Usage to a self-sign certificate.But we can not find the APIs to set the extension in the Mbedtls. How can we add these two extension to the certificate using Mbedtls API?

 
May 21, 2017 07:54
Ron Eldor

Hi reminder,
You can look at cet_write sample application to see how to write a certificate with extensions.
You can write the key usage extension with the mbedtls_x509write_crt_set_key_usage API, however mbed TLS does not support writing Subject ALternative Name (SAN) extension.
If you think that there is a need for writing such an extension, you can add this feature request in the github issues and we will consider your request.
Regards,
mbed TLS Team member
Ron

 
May 22, 2017 06:38
reminder

Hi Ron,

Thanks for your information. Can you give us some hint how to add the Subject Alternative Name by ourselves?

With best regards reminder

 
Jun 6, 2017 07:17
Ron Eldor

Hi reminder,
You could look at this PR for some hints.
Note this PR wasn't approved and wasn't merged, so I can't guarantee it will be merged as is.
Regards,
mbed TLS Team member
Ron