New usability feature

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

New usability feature

OpenSSL - User mailing list

Having wrestled with this in the past, I want to point out that with commit https://github.com/openssl/openssl/commit/bfa470a4f64313651a35571883e235d3335054eb in master, it’s now possible to put a SAN field (or any extension) in a cert request via the command line; no special custom config or fancy ENV vars needed.

 

Hooray!


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: New usability feature

Dmitry Belyavsky-3
Dear Rich,

Great news!
Does it work for certificates too?



On Thu, Dec 28, 2017 at 11:51 PM, Salz, Rich via openssl-users <[hidden email]> wrote:

Having wrestled with this in the past, I want to point out that with commit https://github.com/openssl/openssl/commit/bfa470a4f64313651a35571883e235d3335054eb in master, it’s now possible to put a SAN field (or any extension) in a cert request via the command line; no special custom config or fancy ENV vars needed.

 

Hooray!


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




--
SY, Dmitry Belyavsky

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: New usability feature

Viktor Dukhovni


> On Dec 28, 2017, at 4:34 PM, Dmitry Belyavsky <[hidden email]> wrote:
>
> Great news!
> Does it work for certificates too?

The updated documentation says:

+=item B<-addext ext>    
+    
+Add a specific extension to the certificate (if the B<-x509> option is    
+present) or certificate request. The argument must have the form of    
+a key=value pair as it would appear in a config file.    
+    
+This option can be given multiple times.

So it should work for "openssl req -x509".  There should probably be
corresponding changes for "openssl x509 -req", which can be used for
more than just self-signed certs.

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: New usability feature

OpenSSL - User mailing list
In reply to this post by Dmitry Belyavsky-3

No, but that would be simple to add if you are up for doing the PR.

 

For now, the cert config file would have to copy the extensions.

 

From: Dmitry Belyavsky <[hidden email]>
Date: Thursday, December 28, 2017 at 4:34 PM
To: Rich Salz <[hidden email]>, openssl-users <[hidden email]>
Subject: Re: [openssl-users] New usability feature

 

Dear Rich,

 

Great news!

Does it work for certificates too?

 

 

 

On Thu, Dec 28, 2017 at 11:51 PM, Salz, Rich via openssl-users <[hidden email]> wrote:

Having wrestled with this in the past, I want to point out that with commit https://github.com/openssl/openssl/commit/bfa470a4f64313651a35571883e235d3335054eb in master, it’s now possible to put a SAN field (or any extension) in a cert request via the command line; no special custom config or fancy ENV vars needed.

 

Hooray!


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



 

--

SY, Dmitry Belyavsky


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: New usability feature

Viktor Dukhovni


> On Dec 28, 2017, at 5:16 PM, Salz, Rich via openssl-users <[hidden email]> wrote:
>
> No, but that would be simple to add if you are up for doing the PR.

For the record, as mentioned in a previous post, this is already
available for self-signed certificates (via openssl req -x509).
What's missing is support for ca-issued certificates
(via openssl x509 -req).

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users