[openssl-users] RFC2818 and subjectAltName

Ryan Murray rjkmurray40 at gmail.com
Wed Apr 26 16:59:31 UTC 2017


If you are asking me, by all means yes. Thanks for asking, I respect the value of honesty in a world that has so very few people left.


From: Viktor Dukhovni
Sent: Wednesday, April 26, 2017 1:55 PM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] RFC2818 and subjectAltName


> On Apr 26, 2017, at 11:55 AM, Murray, Ronald-1 (ANF) <murrayr at dor.state.ma.us> wrote:
> 
> Our certificates, of course, only contained the Common Name (CN), with no subjectAltName (SAN). I solved the problem by creating new certificates and hacking openssl.cnf to request a SAN in the CSR.

An appropriate openssl.cnf is the supported way to populate DNS altnames
into certificates created with the req(1), x509(1) and ca(1) utilities.

> Is there any chance of this being included in openssl?

It is already included, via the openssl.cnf interface.  You can
also create openssl.cnf sections on the fly, without creating
any persistent files, with "bash" or similar shells.  See, for
example:

   https://github.com/openssl/openssl/blob/master/test/certs/mkcert.sh

-- 
	Viktor.
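
The on-the-fly openssl.cnf approach described above, as an added example (not code from this thread or from mkcert.sh): a generated config is fed to req(1) on stdin so the CSR requests DNS altnames. The function names, the example.test hostnames and the use of `/dev/stdin` are assumptions of the example.

```sh
#!/bin/sh
# Added example; hostnames under example.test and all paths are constructed.

# san_list NAME... -> "DNS:name1,DNS:name2"
# Rejects anything outside the hostname alphabet, so a caller-supplied name
# cannot smuggle extra entries ("x,IP:...") or new lines into the config.
san_list() {
    out=""
    for h in "$@"; do
        case $h in
            ''|*[!A-Za-z0-9.*-]*) echo "bad DNS name: $h" >&2; return 1 ;;
        esac
        out="${out:+$out,}DNS:$h"
    done
    printf '%s' "$out"
}

# make_san_csr OUTDIR CN [ALTNAME...]
# Writes OUTDIR/key.pem and OUTDIR/req.pem. The config exists only in the
# pipe; in bash, -config <(printf ...) does the same job.
make_san_csr() (
    umask 077                      # private key readable by owner only
    dir=$1; cn=$2; shift 2
    sans=$(san_list "$cn" "$@") || exit 1
    printf '%s\n' \
        '[req]' 'prompt = no' 'distinguished_name = dn' \
        'req_extensions = ext' \
        '[dn]' "CN = $cn" \
        '[ext]' "subjectAltName = $sans" |
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$dir/key.pem" -out "$dir/req.pem" -config /dev/stdin
)

# csr_sans CSR -> the altname line of the request, e.g. "DNS:a, DNS:b"
csr_sans() {
    openssl req -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;s/ *$//;p;}'
}
```

A SAN in the CSR is only a request: `openssl x509 -req` does not copy request extensions by default, so the signer has to supply the same section with `-extfile`/`-extensions`, or set `copy_extensions` in the `ca` section when using ca(1).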