Custom Subject DN and altName OIDs

EJBCA supports custom OIDs in DN components. To use your own OID in a DN, include it in the DN string in dotted form, for example:

CN=MyCommonName,1.1.1.1=MyCustomOid,C=SE

where 1.1.1.1 is your custom OID.

Note that custom OIDs are always encoded as UTF8String in the DN.

To enable support for custom OIDs in the Admin GUI, edit the file src/java/profilemappings.properties and add your new OID at the end of the file. Following the example in the file lets you add your OID to the End Entity Profile and then add new users with it. If you update profilemappings.properties, also edit the appropriate language properties file src/adminweb/languages/languagefile.<your language>.properties and add the last field of the entry in profilemappings.properties, i.e. the LanguageConstant. This is required so that your new field is not displayed in the Admin GUI as the raw key you entered.

By default, EJBCA places unknown OIDs at the end. For example, the DN can be displayed as: CN=MyCommonName,C=SE,1.1.1.1=MyCustomOid (this is the order in the ASN.1 encoding; different applications may display the components in a different order regardless of the ASN.1 encoding). To control the ASN.1 ordering of DN elements, add a file named dncomponents.properties in the directory ejbca/src/java. The file dncomponents.properties.sample in the distribution shows the default order in EJBCA and can be used as a template. Note that your custom OID must be placed in the correct position in dncomponents.properties, and the file must include all components from the sample file. After updating dncomponents.properties, you must run ant clean before re-deploying EJBCA.

If you use custom OIDs, choose ones that are unlikely to become standard later, because if the underlying ASN.1 library in EJBCA starts recognizing the OIDs as standard ones, they will be renamed in the database and you will have to do a database migration. Additionally, you must take your customizations into account when upgrading EJBCA and keep track of dncomponents.properties.

altNames

Adding custom OIDs in altNames works the same way as for the DN. Using a custom OID, the altName string in the database can, for example, be: rfc822Name=foo@bar.com, 1.1.1.1=foobar. A custom OID is always added as an OtherName containing a simple UTF8String. For the definition of the OtherName altName, see RFC 3280.

The OtherName consists of:

  • The custom OID

  • A UTF8String with the value