17.2. Usage
ExtJoiner does not generate an extension in its MIME-64 encoded format; it joins existing MIME-64 encoded extensions. To join multiple custom extensions and add the extensions to a certificate request using ExtJoiner, do the following:
- Find and note the location of the extension program files.
- Run ExtJoiner, specifying the extension files. For example, if there are two extension files named myExt1 and myExt2 in a directory called /etc/extensions, then the command would be as follows:
      ExtJoiner /etc/extensions/myExt1 /etc/extensions/myExt2
  This creates a base-64 encoded blob of the joined extensions, similar to this example:
      MEwwLgYDVR0lAQHBCQwIgYFKoNFBAMGClGC5EKDM5PeXzUGBi2CVyLNCQYFU
      iBakowGgYDVR0SBBMwEaQPMA0xCzAJBgNVBAYTAlVT
- Copy the encoded blob, without any modifications, to a file.
- Verify that the extensions are joined correctly before adding them to a certificate request by converting the ASCII data to binary using the AtoB utility and then dumping the contents of the base-64 encoded blob using the dumpasn1 utility. For information on the AtoB utility, see Chapter 7, AtoB (Converting ASCII to Binary). The dumpasn1 tool can be downloaded at http://fedoraproject.org/extras/4/i386/repodata/repoview/dumpasn1-0-20050404-1.fc4.html.
  - Run the AtoB utility to convert the ASCII to binary.
        AtoB input_file output_file
    where input_file is the path and file containing the base-64 encoded data in ASCII and output_file is the path and file for the utility to write the binary output.
  - Run the dumpasn1 utility.
        dumpasn1 output_file
    where output_file is the path and file containing the binary data. The output looks similar to this:
         0 30   76: SEQUENCE {
         2 30   46:   SEQUENCE {
         4 06    3:     OBJECT IDENTIFIER extKeyUsage (2 5 29 37)
         9 01    1:     BOOLEAN TRUE
        12 04   36:     OCTET STRING
                  :       30 22 06 05 2A 83 45 04 03 06 0A 51 82 E4 42 83
                  :       33 93 DE 5F 35 06 06 2D 82 57 22 CD 09 06 05 51
                  :       38 81 6A 4A
                  :     }
        50 30   26:   SEQUENCE {
        52 06    3:     OBJECT IDENTIFIER issuerAltName (2 5 29 18)
        57 04   19:     OCTET STRING
                  :       30 11 A4 0F 30 0D 31 0B 30 09 06 03 55 04 06 13
                  :       02 55 53
                  :     }
                  :   }

        0 warnings, 0 errors.
    If the output data do not appear to be correct, check that the original Java™ extension files are correct, and repeat converting the files from ASCII to binary and dumping the data until the correct output is returned.
- When the extensions have been verified, copy the base-64 encoded blob that was created by running ExtJoiner to the Certificate System wizard screen, and generate the certificate or the certificate signing request (CSR).
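
The verification step above can also be scripted. The following Python is an added example, not part of the original documentation or of the Certificate System tools: it decodes a joined blob and lists each extension's OID, criticality flag and value length, rejecting truncated or trailing data. The function names are hypothetical, and SAMPLE is constructed from the bytes shown in the dumpasn1 output above, with BOOLEAN TRUE assumed to be encoded as 0xFF.

```python
import base64

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER TLV at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, lb, pos = buf[pos], buf[pos + 1], pos + 2
    n = lb & 0x7F if lb & 0x80 else 0  # long form: n length bytes follow
    length = int.from_bytes(buf[pos:pos + n], "big") if n else lb
    if lb == 0x80 or pos + n + length > len(buf):
        raise ValueError("indefinite length or value past end of data")
    return tag, buf[pos + n:pos + n + length], pos + n + length

def decode_oid(body):  # OID content bytes -> dotted string
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last byte of this arc
            arcs, val = arcs + [val], 0
    if not arcs:
        raise ValueError("empty or truncated OID")
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def list_extensions(b64_blob):  # -> [(oid, critical, extnValue length), ...]
    der = base64.b64decode("".join(b64_blob.split()), validate=True)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one outer SEQUENCE and no trailing bytes")
    found, pos = [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)
        fields, p = [], 0
        while p < len(ext):  # collect the TLVs inside this extension
            t, v, p = read_tlv(ext, p)
            fields.append((t, v))
        tags = [t for t, _ in fields]
        if tag != 0x30 or tags not in ([0x06, 0x04], [0x06, 0x01, 0x04]):
            raise ValueError("expected OID, optional BOOLEAN, OCTET STRING")
        critical = len(fields) == 3 and fields[1][1] != b"\x00"
        found.append((decode_oid(fields[0][1]), critical, len(fields[-1][1])))
    return found

# Constructed sample: bytes from this page's dumpasn1 listing (TRUE assumed 0xFF).
SAMPLE = base64.b64encode(bytes.fromhex(
    "304C" "302E0603551D250101FF0424302206052A83450403060A5182E44283"
    "3393DE5F3506062D825722CD0906055138816A4A" "301A0603551D120413"
    "3011A40F300D310B3009060355040613025553")).decode()

if __name__ == "__main__":
    print(list_extensions(SAMPLE))
```

This checks only the outer framing of each extension; the contents of each OCTET STRING still need to be inspected with dumpasn1 as described above.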