How do I configure my Certification Authority to pay attention to Subject Alternate Names

On 03.11.2015 14:46, John Lewis wrote:
> I created a local certification authority using this tutorial
> https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian
> and made a certification request using this tutorial and I use this
> tutorial to learn how to make a request with a Subject Alternate Name.
>
> I actually did manage to get lucky just now and I hypothesize that
> running a command like this 'openssl ca -in ldap01.req -out
> certs/new/ldap04.pem -extensions v3_req -config ./openssl.cnf' as
> opposed to running a command like this 'openssl ca -in ldap01.req -out
> certs/new/ldap04.pem -config ./openssl.cnf' got my CA to create a cert
> with subject alternate names. How do I add '-extensions v3_req' to my ca
> configuration and have it not be ignored?
>

Add the following parameter(s):

-extensions sslcertext -extfile file

This file is similar to the following:

[ sslcertext ]
basicConstraints = CA:false
keyUsage = critical, digitalSignature, keyEncipherment
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
authorityInfoAccess = OCSP;URI:#OCSP-URL#/, caIssuers;URI:#DER-CACERT-URL#

issuerAltName = issuer:copy
subjectAltName = #SUBJECTALTNAME#

extendedKeyUsage = serverAuth, msSGC, nsSGC

certificatePolicies = ia5org, @policy_section
crlDistributionPoints = URI:#CRL-URL#

[ policy_section ]
policyIdentifier = #POLICYID#
CPS.1 = #CPS-URL#
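
The reply's `-extensions sslcertext -extfile file` approach, as an added example that is not part of the original thread: it builds a throwaway CA, signs the same request with and without those options, and returns the subjectAltName found in the issued certificate. The CA layout, host names and the trimmed extension section are constructed for illustration; OpenSSL 1.1.1 or later is assumed.

```sh
#!/bin/sh
# Added example. Throwaway CA in a temp dir; every name below is constructed.
# issue_cert MODE SAN: MODE "ext" signs with -extensions/-extfile, "plain" without.
# Prints the issued certificate's subjectAltName value (empty if it has none).
issue_cert() {
    mode="$1"; san="$2"
    d=$(mktemp -d) || return 1
    (
        cd "$d" || exit 1
        mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
EOF
        # Trimmed version of the reply's [ sslcertext ] section; the CA sets the SAN.
        printf '%s\n' '[ sslcertext ]' 'basicConstraints = CA:false' \
            'keyUsage = critical, digitalSignature, keyEncipherment' \
            'extendedKeyUsage = serverAuth' "subjectAltName = $san" > ext.cnf
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key \
            -out ca.pem -subj "/CN=Constructed Test CA" -days 30 2>/dev/null || exit 1
        # The request itself also asks for the SAN (-addext needs OpenSSL 1.1.1+).
        openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout srv.key \
            -out srv.req -subj "/CN=ldap01.example.test" \
            -addext "subjectAltName=$san" 2>/dev/null || exit 1
        if [ "$mode" = ext ]; then set -- -extensions sslcertext -extfile ext.cnf
        else set --; fi
        openssl ca -batch -config ca.cnf -in srv.req -out srv.pem "$@" \
            >/dev/null 2>&1 || exit 1
        openssl x509 -in srv.pem -noout -text |
            sed -n '/Subject Alternative Name/{n;s/ //g;p;}'
    )
    rc=$?; rm -rf "$d"; return $rc
}
```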


