[New in v3.3]
The strExtensions parameter can be used to set more advanced details in the newly-created certificates made using
the X509_MakeCert and X509_MakeCertSelf functions.
It is an optional parameter. If not empty then it must contain
either a simple RFC822 email address to add a single subjectAltName extension
or one or more type=value attributes separated by semicolons (;).
Valid attribute value pairs are:
subjectAltName extension, e.g. rfc822Name=myname@testorg.com.
serialNumber=12deadbeefcafe0123. If the first digit is greater than 7, it will be preceded by a '0' to make sure the integer is stored as a positive value.
subjectAltName extension with an octet string (binary) value specified in hex format, e.g. subjectKeyIdentifier=fedcba9876543210.
notAfter=2020-12-31 or notAfter=2020-12-31T14:03:59. If no time is given it will default to 23:59:59. Note that this time is UTC (GMT) not local.
notBefore=2008-12-31. If no time is given it will default to 00:00:01. Note that this time is UTC (GMT) not local.
Some examples of valid input strings to the strExtensions parameter:
"AliceRSA@example.com"
"rfc822name=AliceRSA@example.com"
"serialNumber=46346BC7800056;subjectKeyIdentifier=77D2B4D1B74C8A8AA3CE"
"rfc822Name=me@here.com;notAfter=2020-12-31T12:00:59"
"rfc822Name=AliceRSA@example.com;notBefore=1999-09-19T01:08:47;notAfter=2039-12-31"
The order of attributes is not important. It is an error to specify an invalid attribute name (don't forget the semicolon separator). If an attribute is not specified, the relevant field will either be omitted or will default to the values set by nCertNum, nYearsValid and the current system time. It's up to you to police the input to these rather sharp tools. See our AOC Policy below.
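One way to police the input before it reaches X509_MakeCert or X509_MakeCertSelf is a pre-flight check like the one below. It is an added example, not code from the library or its documentation. The function name check_extensions, the case-insensitive name matching, and the rejection of duplicates, empty pairs and odd-length octet strings are assumptions of this sketch.

```python
import re
from datetime import datetime

# Attribute names come from the page. Matching them case-insensitively is an
# assumption, made because the page lists both "rfc822name" and "rfc822Name".
EMAIL = re.compile(r"[^@\s;=]+@[^@\s;=]+")  # loose sanity check only
HEX = re.compile(r"[0-9A-Fa-f]+")
DATE = re.compile(r"\d{4}-\d\d-\d\d(T\d\d:\d\d:\d\d)?")
DEFAULT_TIME = {"notbefore": "00:00:01", "notafter": "23:59:59"}  # UTC, per the page

def check_extensions(ext):
    """Return (fields, warnings) for a strExtensions string; raise ValueError if bad."""
    fields, warnings = {}, []
    if ext and "=" not in ext:  # bare form: a single email address
        ext = "rfc822Name=" + ext
    # Stricter than the page requires: empty pairs (e.g. a trailing ';') are rejected.
    for pair in (ext.split(";") if ext else []):
        name, sep, value = pair.partition("=")
        key, value = name.strip().lower(), value.strip()
        if not sep or not value:
            raise ValueError(f"expected type=value, got {pair!r}")
        if key in fields:
            raise ValueError(f"duplicate attribute {name!r}")
        if key == "rfc822name":
            if not EMAIL.fullmatch(value):
                raise ValueError(f"not a simple email address: {value!r}")
        elif key in ("serialnumber", "subjectkeyidentifier"):
            if not HEX.fullmatch(value):
                raise ValueError(f"{name} must be hex digits only")
            if key == "subjectkeyidentifier" and len(value) % 2:
                raise ValueError("octet string needs an even number of hex digits")
            if key == "serialnumber" and int(value[0], 16) > 7:
                warnings.append("serialNumber will be stored with a leading '0'")
        elif key in DEFAULT_TIME:
            if not DATE.fullmatch(value):
                raise ValueError(f"{name} must be YYYY-MM-DD[Thh:mm:ss]")
            if "T" not in value:
                value += "T" + DEFAULT_TIME[key]
            value = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")  # naive, means UTC
        else:
            raise ValueError(f"unknown attribute name {name!r}")
        fields[key] = value
    if {"notbefore", "notafter"} <= fields.keys() and fields["notbefore"] >= fields["notafter"]:
        raise ValueError("notBefore must be earlier than notAfter")
    return fields, warnings
```

A forgotten semicolon, as in "rfc822Name=me@here.comnotAfter=2020-12-31", fails the email check instead of silently producing a certificate with an unexpected subjectAltName.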