On Wed, Nov 04, 2015 at 04:06:57PM +0100, Ben Humpert wrote: > That guide is a little bit old and not very accurate. I setup my PKI > using the OpenSSL Cookbook recommended to me by Rich Salz. This free > guide / documentation is here: > https://www.feistyduck.com/books/openssl-cookbook/ (Click "Free: Read > Now" below the cover image). I also used various other sources to > improve and adapt the configuration files and command lines. IIRC correctly, you need to affect your ca.cf file to honor ('copy') the extensions for a SAN. Something like the detail here: http://stackoverflow.com/questions/21488845/how-can-i-generate-a-self-signed-certificate-with-subjectaltname-using-openssl Second, modify the signing parameters. Find this line under the CA_default section: # Extension copying option: use with caution. # copy_extensions = copy And change it to: # Extension copying option: use with caution. copy_extensions = copy -- Brian Reichert <reichert at numachi.com> BSD admin/developer at large
