[openssl-users] 802.1AR certificate generation and the config file
Robert Moskowitz
rgm at htt-consult.com
Mon Aug 14 16:55:34 UTC 2017
On 08/14/2017 07:16 AM, Michael Ströder wrote:
> Robert Moskowitz wrote:
>> I am getting a SAN in the csr e.g.:
>>
>> Attributes:
>> Requested Extensions:
>> X509v3 Subject Alternative Name:
>> IP Address:192.168.2.1
>> [..]
>> But I am not getting SAN in the cert. Perhaps I need something for SAN in the
>> -extensions section? Right now I only have:
> Are you using "openssl ca" for signing the cert?
Yes, I am.
> If yes, you could add the line
>
> copy_extensions = copy
>
> to your CA config section.
>
> http://cmrg.fifthhorseman.net/wiki/SubjectAltName
>
> https://wiki.openssl.org/index.php/Manual:Ca%281%29#CONFIGURATION_FILE_OPTIONS
>
> Ciao, Michael.
Thanks. That works. Now that I can get a SAN into the certs I need to
research using othername and what a hardwaremodulename OID looks like
and make it happen. Got to google some and ask around more.
Again thanks for helping me get this far.
Bob
More information about the openssl-users
mailing list