Hi,
I am running CentOS Linux release 7.9.2009 (Core). #rpm -qa | grep openssl openssl-devel-1.0.2k-21.el7_9.x86_64 openssl-libs-1.0.2k-21.el7_9.x86_64 openssl-1.0.2k-21.el7_9.x86_64 openssl-perl-1.0.2k-21.el7_9.x86_64 cd /etc/pki/tls/misc [root@basheerdevops misc]# ll total 64 -rwxr-xr-x. 1 root root 5178 Dec 17 02:53 CA -rwxr-xr-x 1 root root 5691 Dec 17 02:53 CA.pl -rwxr-xr-x. 1 root root 119 Dec 17 02:53 c_hash -rwxr-xr-x. 1 root root 152 Dec 17 02:53 c_info -rwxr-xr-x. 1 root root 112 Dec 17 02:53 c_issuer -rwxr-xr-x. 1 root root 110 Dec 17 02:53 c_name -rw-r--r-- 1 root root 4837 Feb 16 05:51 newcert.pem -rw-r--r-- 1 root root 1834 Feb 16 05:49 newkey.pem -rw-r--r-- 1 root root 1115 Feb 16 05:49 newreq.pem -rwxr-xr-x 1 root root 6419 Dec 17 02:53 target #./CA.pl -newreq --> is there a way to specify server name? For example gitlabinternal. By default, it saves in file newcert.pem #./CA.pl -sign I ran the below command to copy #cp newcert.pem gitlabinternal.pem #openssl x509 -in gitlabinternal.pem -noout -text Is there a way to specify servername in ./CA.pl -newreq command ? Please suggest further. Thanks in advance. Best Regards, Kaushal |
On Tue, 16 Feb 2021 at 6:02 AM, Kaushal Shriyan <[hidden email]> wrote:
Hi, I will appreciate if someone can pitch in for my earlier email post to this mailing list. Thanks in Advance. Best Regards, Kaushal |
For OpenSSL 1.0.2:
Are you asking how to get a DNS Subject Alternative Name extension into the certificate?
You would need to edit an openssl.cnf file and add the proper stuff to get this extension. Check the man page for x509v3_config. The item you want to put in the config file is subjectAltName=DNS:myserver.mydom.com Also see the man page for ca and config You may need to run the openssl ca command directly instead of using CA.pl so you can use the -extensions argument.
|
Free forum by Nabble | Edit this page |