subjectAltNam

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

subjectAltNam

Serge Fonville
Hi,

I am trying to setup subjectAlNames in openssl.cnf
I created a copy of usr_cert and named it srv_cert
in this section I added the subjectAltNam.
With the req I specified -reqopts srv_cert the resulting certificate does not contain the subjecLAltName.
I'm not sure what additional settings I need to change.

What Am I doing wrong?

Windows Vista Home Premium x64
Apache 2.2 x64
Openssl 0.9.8e x64

Thanks in advance,

Serge Fonville

Reply | Threaded
Open this post in threaded view
|

Re: subjectAltNam

Serge Fonville
Hi,

I figured out what I did wrong,

after a lot of googling I found that I needed to add copy_extensions = copy to the ca_default section
After this, it woiks as expected.

Thanks for the help.

Regards,

Serge Fonville

On Sat, Aug 15, 2009 at 4:10 AM, Klarth <[hidden email]> wrote:
What command are you using to generate the certificate? I think you
should try specifying the extension when you sign the request to get
the certificate.

On Aug 15, 5:51 am, [hidden email] (Serge Fonville) wrote:
> --0016361e888066a9de047120f500
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: 7bit
>
> Hi,
> I am trying to setup subjectAlNames in openssl.cnf
> I created a copy of usr_cert and named it srv_cert
> in this section I added the subjectAltNam.
> With the req I specified -reqopts srv_cert the resulting certificate does
> not contain the subjecLAltName.
> I'm not sure what additional settings I need to change.
>
> What Am I doing wrong?
>
> Windows Vista Home Premium x64
> Apache 2.2 x64
> Openssl 0.9.8e x64
>
> Thanks in advance,
>
> Serge Fonville
>
> --0016361e888066a9de047120f500
> Content-Type: text/html; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
>
> Hi,<div><br></div><div>I am trying to setup subjectAlNames in openssl.cnf</=
> div><div>I created a copy of usr_cert and named it srv_cert</div><div>in th=
> is section I added the subjectAltNam.</div><div>With the req I specified -r=
> eqopts srv_cert the resulting certificate does not contain the subjecLAltNa=
> me.</div>
>
> <div>I&#39;m not sure what additional settings I need to change.</div><div>=
> <br></div><div>What Am I doing wrong?</div><div><br></div><div>Windows Vist=
> a Home Premium x64</div><div>Apache 2.2 x64</div><div>Openssl 0.9.8e x64</d=
> iv>
>
> <div><br></div><div>Thanks in advance,</div><div><br></div><div>Serge Fonvi=
> lle</div><div><br></div>
>
> --0016361e888066a9de047120f500--
> ______________________________________________________________________
> OpenSSL Project                                http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]


Reply | Threaded
Open this post in threaded view
|

Re: subjectAltNam

Goetz Babin-Ebell
In reply to this post by Serge Fonville
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Serge Fonville schrieb:
| Hi,
Hello Serge,

| I am trying to setup subjectAlNames in openssl.cnf
| I created a copy of usr_cert and named it srv_cert
| in this section I added the subjectAltNam.
| With the req I specified -reqopts srv_cert the resulting certificate
| does not contain the subjecLAltName.
| I'm not sure what additional settings I need to change.
|
| What Am I doing wrong?
Did the request contain the subjectAltName extension ?
Did the openssl.cnf file contain the copy_extensions entry ?

Goetz

- --
DMCA: The greed of the few outweighs the freedom of the many
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKhqr32iGqZUF3qPYRAmYGAJ0d78oIw9b8ChpndYW4X7VfCklPdACfWIXU
SQtuqbQFJVo3veZxKTYWvMo=
=9Sh1
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: subjectAltNam

Serge Fonville
Hi  Goetz.
 
Did the request contain the subjectAltName extension ?
Did the openssl.cnf file contain the copy_extensions entry ?

No it did not.

Thanks!

That completely solved my problem

Regards,

Serge Fonville