Could you send me the ca command line? There's any way to run it without creating a .cnf - using only <(print notation? On Thu, Jan 14, 2016 at 6:07 AM, Gareth Williams < gareth at garethwilliams.me.uk> wrote: > On Wednesday 13 January 2016 16:22:10 Mauro Romano Trajber > wrote: > > In which section? > > > > On section [CA_default] I have 'copy_extensions = copy' > > Is that the issue? You have copy_extensions in the CA_default > section, which is no doubt referenced to by the default_ca = ... stanza > earlier in the config file. > > My understanding is that this is only read when you use the openssl > ca command. As you stated you're using the openssl x509 command > to sign your request, then this isn't being read. > > Any reason you're not signing with the openssl ca command? I've just > checked and it works as you expected when using this command. > > Kind regards, > > Gareth > > > > > Can I do this using only command line options? > > > > On Wed, Jan 13, 2016 at 3:42 PM, Salz, Rich <rsalz at akamai.com> > wrote: > > > >But when I try to sign it using my own CA using the x509 > command this > > > > > > data is removed > > > > > > You need to make sure that subjectAltName is marked as copy in > your config > > > file. > > > _______________________________________________ > > > openssl-users mailing list > > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160114/033e5f62/attachment.html>
