[openssl-users] Signing a csr with subjectAltName using x509 command
Gareth Williams
gareth at garethwilliams.me.uk
Thu Jan 14 08:07:18 UTC 2016
On Wednesday 13 January 2016 16:22:10 Mauro Romano Trajber
wrote:
> In which section?
>
> On section [CA_default] I have 'copy_extensions = copy'
Is that the issue? You have copy_extensions in the CA_default
section, which is no doubt referenced to by the default_ca = ... stanza
earlier in the config file.
My understanding is that this is only read when you use the openssl
ca command. As you stated you're using the openssl x509 command
to sign your request, then this isn't being read.
Any reason you're not signing with the openssl ca command? I've just
checked and it works as you expected when using this command.
Kind regards,
Gareth
>
> Can I do this using only command line options?
>
> On Wed, Jan 13, 2016 at 3:42 PM, Salz, Rich <rsalz at akamai.com>
wrote:
> > >But when I try to sign it using my own CA using the x509
command this
> >
> > data is removed
> >
> > You need to make sure that subjectAltName is marked as copy in
your config
> > file.
> > _______________________________________________
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list