OpenSSL OpenSSL - User

./CA.pl -newreq specify servername

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Kaushal Shriyan-2
Reply | Threaded
Open this post in threaded view
|

./CA.pl -newreq specify servername

Kaushal Shriyan-2
Hi,

I am running CentOS Linux release 7.9.2009 (Core).

#rpm -qa | grep openssl
openssl-devel-1.0.2k-21.el7_9.x86_64
openssl-libs-1.0.2k-21.el7_9.x86_64
openssl-1.0.2k-21.el7_9.x86_64
openssl-perl-1.0.2k-21.el7_9.x86_64

cd /etc/pki/tls/misc
[root@basheerdevops misc]# ll
total 64
-rwxr-xr-x. 1 root root 5178 Dec 17 02:53 CA
-rwxr-xr-x  1 root root 5691 Dec 17 02:53 CA.pl
-rwxr-xr-x. 1 root root  119 Dec 17 02:53 c_hash
-rwxr-xr-x. 1 root root  152 Dec 17 02:53 c_info
-rwxr-xr-x. 1 root root  112 Dec 17 02:53 c_issuer
-rwxr-xr-x. 1 root root  110 Dec 17 02:53 c_name
-rw-r--r--  1 root root 4837 Feb 16 05:51 newcert.pem
-rw-r--r--  1 root root 1834 Feb 16 05:49 newkey.pem
-rw-r--r--  1 root root 1115 Feb 16 05:49 newreq.pem
-rwxr-xr-x  1 root root 6419 Dec 17 02:53 target

 #./CA.pl -newreq --> is there a way to specify server name? For example gitlabinternal.  By default, it saves in file newcert.pem
 #./CA.pl -sign 

I ran the below command to copy 
#cp newcert.pem gitlabinternal.pem 
#openssl x509 -in gitlabinternal.pem -noout -text

Is there a way to specify servername in ./CA.pl -newreq  command ? Please suggest further. Thanks in advance. 

Best Regards,

Kaushal
Kaushal Shriyan-2
Reply | Threaded
Open this post in threaded view
|

Re: ./CA.pl -newreq specify servername

Kaushal Shriyan-2


On Tue, 16 Feb 2021 at 6:02 AM, Kaushal Shriyan <[hidden email]> wrote:
Hi,

I am running CentOS Linux release 7.9.2009 (Core).

#rpm -qa | grep openssl
openssl-devel-1.0.2k-21.el7_9.x86_64
openssl-libs-1.0.2k-21.el7_9.x86_64
openssl-1.0.2k-21.el7_9.x86_64
openssl-perl-1.0.2k-21.el7_9.x86_64

cd /etc/pki/tls/misc
[root@basheerdevops misc]# ll
total 64
-rwxr-xr-x. 1 root root 5178 Dec 17 02:53 CA
-rwxr-xr-x  1 root root 5691 Dec 17 02:53 CA.pl
-rwxr-xr-x. 1 root root  119 Dec 17 02:53 c_hash
-rwxr-xr-x. 1 root root  152 Dec 17 02:53 c_info
-rwxr-xr-x. 1 root root  112 Dec 17 02:53 c_issuer
-rwxr-xr-x. 1 root root  110 Dec 17 02:53 c_name
-rw-r--r--  1 root root 4837 Feb 16 05:51 newcert.pem
-rw-r--r--  1 root root 1834 Feb 16 05:49 newkey.pem
-rw-r--r--  1 root root 1115 Feb 16 05:49 newreq.pem
-rwxr-xr-x  1 root root 6419 Dec 17 02:53 target

 #./CA.pl -newreq --> is there a way to specify server name? For example gitlabinternal.  By default, it saves in file newcert.pem
 #./CA.pl -sign 

I ran the below command to copy 
#cp newcert.pem gitlabinternal.pem 
#openssl x509 -in gitlabinternal.pem -noout -text

Is there a way to specify servername in ./CA.pl -newreq  command ? Please suggest further. Thanks in advance. 

Best Regards,

Kaushal

Hi,

I will appreciate if someone can pitch in for my earlier email post to this mailing list. 

Thanks in Advance.

Best Regards,

Kaushal
Paul Nelson
Reply | Threaded
Open this post in threaded view
|

Re: ./CA.pl -newreq specify servername

Paul Nelson
For OpenSSL 1.0.2:

Are you asking how to get a DNS Subject Alternative Name extension into the certificate?
You would need to edit an openssl.cnf file and add the proper stuff to get this extension. Check the man page for x509v3_config.
The item you want to put in the config file is subjectAltName=DNS:myserver.mydom.com

Also see the man page for ca and config

You may need to run the openssl ca command directly instead of using CA.pl so you can use the -extensions argument.

On Feb 16, 2021, at 8:22 PM, Kaushal Shriyan <[hidden email]> wrote:



On Tue, 16 Feb 2021 at 6:02 AM, Kaushal Shriyan <[hidden email]> wrote:
Hi,

I am running CentOS Linux release 7.9.2009 (Core).

#rpm -qa | grep openssl
openssl-devel-1.0.2k-21.el7_9.x86_64
openssl-libs-1.0.2k-21.el7_9.x86_64
openssl-1.0.2k-21.el7_9.x86_64
openssl-perl-1.0.2k-21.el7_9.x86_64

cd /etc/pki/tls/misc
[root@basheerdevops misc]# ll
total 64
-rwxr-xr-x. 1 root root 5178 Dec 17 02:53 CA
-rwxr-xr-x  1 root root 5691 Dec 17 02:53 CA.pl
-rwxr-xr-x. 1 root root  119 Dec 17 02:53 c_hash
-rwxr-xr-x. 1 root root  152 Dec 17 02:53 c_info
-rwxr-xr-x. 1 root root  112 Dec 17 02:53 c_issuer
-rwxr-xr-x. 1 root root  110 Dec 17 02:53 c_name
-rw-r--r--  1 root root 4837 Feb 16 05:51 newcert.pem
-rw-r--r--  1 root root 1834 Feb 16 05:49 newkey.pem
-rw-r--r--  1 root root 1115 Feb 16 05:49 newreq.pem
-rwxr-xr-x  1 root root 6419 Dec 17 02:53 target

 #./CA.pl -newreq --> is there a way to specify server name? For example gitlabinternal.  By default, it saves in file newcert.pem
 #./CA.pl -sign 

I ran the below command to copy 
#cp newcert.pem gitlabinternal.pem 
#openssl x509 -in gitlabinternal.pem -noout -text

Is there a way to specify servername in ./CA.pl -newreq  command ? Please suggest further. Thanks in advance. 

Best Regards,

Kaushal

Hi,

I will appreciate if someone can pitch in for my earlier email post to this mailing list. 

Thanks in Advance.

Best Regards,

Kaushal
Free forum by Nabble Edit this page