Re: openssl.cnf asking Subject Alternative Names certificates.

On 10/10/2017 05:40 PM, Jorge Novo wrote:
Hi everyone,

  As most of us know, the Google Chrome Navigator asks about Subject Alternative Name instead of the Common Name.

I want to distribute a little openssl.cnf file for creating the CSR files with my specific values and establish the Subject Alternative Name = Common Name. I want to ask about the CN and assign this value to SAN.

This is my beta openssl.cnf file:

*Sorry for the comments in Spanish

I do not know how to set a variable (CN Variable) to assign to SAN value.


In my limited knowledge, you can't copy the CN name into the SAN in the configuration.
The obvious yet clumsy workaround is to have a shell script ask for the FQDN, set a shell variable with the CN value and then recall the ENV variable from inside openssl.cnf, or you can have the script dynamically write/edit openssl.cnf with the user-entered value.

-------------------------------- 8< -------------------------------- 8< -----------------------------------
#
# This file generates the CSRs for our systems with the agreed
# parameters.
#
# openssl genrsa -aes256 -out www.rra.lan.key 2048 -config opensslMiCasa.cnf
#

# We set a working directory, the current one to be exact.

dir                             = .

[ req ]
default_bits                    = 2048                          # Size of keys
default_keyfile                 = key.pem                       # name of generated keys
default_md                      = sha256                        # message digest algorithm
string_mask                     = nombstr                       # permitted characters
distinguished_name              = req_distinguished_name
req_extensions                  = v3_req

[ req_distinguished_name ]
# Variable name                         Prompt string
#-------------------------        ----------------------------------
0.organizationName              = Nombre de la Organizacion
organizationalUnitName          = Mi Casa [Desarrollo|Infraestructuras|Laboratorio]
emailAddress                    = Cuenta de Correo
emailAddress_max                = 64
localityName                    = Localidad
stateOrProvinceName             = Comunidad Autónoma
countryName                     = ISO 3166-1 Codigo de País
countryName_min                 = 2
countryName_max                 = 2
commonName                      = Common Name

# Default values for the above, for consistency and less typing.
# Variable name                         Value
#------------------------         ------------------------------
0.organizationName_default      = Mi Casa
organizationalUnitName_default  = Mi Casa Infraestructuras
localityName_default            = Madrid
stateOrProvinceName_default     = Comunidad de Madrid
countryName_default             = ES

[ v3_req ]
basicConstraints                = CA:FALSE
subjectKeyIdentifier            = hash
subjectAltName                  =
-------------------------------- >8 -------------------------------- >8 -----------------------------------

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
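
The environment-variable workaround described in the reply, as an added example that is not part of the original thread: the script validates the entered FQDN, then lets OpenSSL expand it into both the CN and the SAN through `${ENV::...}`. The names `valid_fqdn`, `write_config`, `make_csr`, `CSR_CN` and `csr.cnf` are assumptions, as is `prompt = no`, which takes the DN from the posted defaults instead of prompting.

```shell
#!/bin/sh
# Added example. Function names, CSR_CN and csr.cnf are assumptions.

# Accept only a plain dotted host name. Anything else (',' ':' spaces,
# newlines) is refused, so the entered value cannot append further
# entries to the subjectAltName line it is expanded into.
valid_fqdn() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;          # empty or illegal character
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;   # empty label or stray hyphen
        *.*) ;;                                   # at least two labels
        *) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Static config: the quoted heredoc keeps ${ENV::CSR_CN} literal, so it is
# OpenSSL, not the shell, that expands it when the file is loaded.
write_config() {
    cat > "$1" <<'EOF'
[ req ]
default_bits = 2048
default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
countryName = ES
stateOrProvinceName = Comunidad de Madrid
localityName = Madrid
0.organizationName = Mi Casa
organizationalUnitName = Mi Casa Infraestructuras
commonName = ${ENV::CSR_CN}

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
subjectAltName = DNS:${ENV::CSR_CN}
EOF
}

make_csr() {
    valid_fqdn "$1" || { echo "rejected host name: $1" >&2; return 1; }
    write_config csr.cnf
    CSR_CN="$1" openssl req -new -config csr.cnf -keyout "$1.key" -out "$1.csr"
}

if [ "$#" -gt 0 ]; then make_csr "$1"; fi
```

Saved under a hypothetical name such as `make-csr.sh`, it is run as `sh make-csr.sh www.rra.lan`; `openssl req -in www.rra.lan.csr -noout -text` then shows the SAN carried in the request.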
