EJBCA supports custom OIDs in DN components. To add your own customized DN, call the DN, for example:
CN=MyCommonName,18.104.22.168=MyCustomOid,C=SE Where 22.214.171.124 is your custom OID
Note that custom OIDs are always encoded as UTF8String in the DN.
To enable support for custom OIDs in the Admin GUI, edit the file src/java/profilemappings.properties and add your new OID at the end of the file. Follow the example in the file to add your OID in the End Entity Profile, and add new users. After updating the profilemappings.properties, always edit the appropriate language properties file modules/admin-gui/resources/languages/languagefile.<your language>.properties and add the last field in the profilemappings.properties file, i.e. the LanguageConstant. This is required in order to avoid that your new field is displayed in the Admin GUI as the key you entered.
By default, EJBCA places unknown OIDs at the end. For example, the DN can be displayed as CN=MyCommonName,C=SE,126.96.36.199=MyCustomOid (if looking at the ASN.1 encoding, different applications display in a different order regardless of the ASN.1 encoding). To control the ASN.1 ordering of DN elements, add a file named dncomponents.properties in the directory ejbca/src/java. The file dncomponents.properties.sample in the distribution displays the default order in EJBCA and can be used as an example. Note that your custom OID must be ordered in the correct place in the dncomponents.properties file and the file must include all components from the sample file. Also note that you can control the order also in the certificate profile, via the Custom Subject DN Order field. After updating the dncomponents.properties file, runt ant clean before re-deploying EJBCA.
If using custom OIDs, they better not become standard ones later on, because if the underlying ASN.1 library in EJBCA starts to know the OIDs as standard ones, things will be renamed in the database and you will have to do a database migration. Additionally, you must consider your customizations when upgrading EJBCA and keep track of dncomponents.properties.
Adding custom OIDs in altNames works the same way as for DN. Using a custom OID, the altName string in the database can, for example, be rfc822Nameemail@example.com, 188.8.131.52=foobar. A Custom OID is always added as OtherName using a simple UTF8String. For more information on the definition of the OtherName altName, see RFC 5280.
The OtherName consists of:
The custom OID
An UTF8String with the value