[openssl-users] Signing a csr with subjectAltName using x509 command

Mauro Romano Trajber trajber at gmail.com
Thu Jan 14 12:59:01 UTC 2016


Could you send me the ca command line? There's any way to run it without
creating a .cnf - using only <(print notation?

On Thu, Jan 14, 2016 at 6:07 AM, Gareth Williams <
gareth at garethwilliams.me.uk> wrote:

> On Wednesday 13 January 2016 16:22:10 Mauro Romano Trajber
> wrote:
> > In which section?
> >
> > On section [CA_default] I have 'copy_extensions = copy'
>
> Is that the issue?  You have copy_extensions in the CA_default
> section, which is no doubt referenced to by the default_ca = ... stanza
> earlier in the config file.
>
> My understanding is that this is only read when you use the openssl
> ca command.  As you stated you're using the openssl x509 command
> to sign your request, then this isn't being read.
>
> Any reason you're not signing with the openssl ca command?  I've just
> checked and it works as you expected when using this command.
>
> Kind regards,
>
> Gareth
>
> >
> > Can I do this using only command line options?
> >
> > On Wed, Jan 13, 2016 at 3:42 PM, Salz, Rich <rsalz at akamai.com>
> wrote:
> > > >But when I try to sign it using my own CA using the x509
> command this
> > >
> > > data is removed
> > >
> > > You need to make sure that subjectAltName is marked as copy in
> your config
> > > file.
> > > _______________________________________________
> > > openssl-users mailing list
> > > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160114/033e5f62/attachment.html>


More information about the openssl-users mailing list