Re: Personal CA: are cert serial numbers critical?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 08/16/2017 01:12 PM, Viktor Dukhovni wrote:
On Aug 16, 2017, at 12:52 PM, Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> wrote:

Which is also a problem in openssl.  You have to put the SAN into the cnf file.  There are a number of hacks to do this from the command line.
Yep.  For an approach that uses "bash" in-line files see:

    https://github.com/openssl/openssl/blob/master/test/certs/mkcert.sh#L95

I prefer something like this:

openssl req -new -sha256 -key domain.key -subj "/C=US/ST=CA/O=Acme, Inc./CN=example.com"\ -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:example.com,DNS:www.example.com"))\
 -out domain.csr

Bob

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux