If you are asking me, by all means yes. Thanks for asking, I respect the value of honesty in world that has so very few people left. Sent from Mail for Windows 10 From: Viktor Dukhovni > On Apr 26, 2017, at 11:55 AM, Murray, Ronald-1 (ANF) <murrayr@xxxxxxxxxxxxxxx> wrote: > > Our certificates, of course, only contained the Common Name (CN), with no subjectAltName (SAN). I solved the problem by creating new certificates and hacking openssl.cnf to request a SAN in the CSR. An appropriate openssl.cnf is the supported way to populate DNS altnames into certificates created with the req(1), x509(1) and ca(1) utilities. > Is there any chance of this being included in openssl? It is already included, via the openssl.cnf interface. You can also create openssl.cnf sections on the fly, without creating any persistent files, with "bash" or similar shells. See, for example: https://github.com/openssl/openssl/blob/master/test/certs/mkcert.sh -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users |
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
