[openssl-users] openssl.cnf asking Subject Alternative Names certificates.

lists lists at rustichelli.net
Fri Oct 13 10:03:44 UTC 2017


On 10/10/2017 05:40 PM, Jorge Novo wrote:
> Hi everyone,
>
>   As most of us know, the Google Chrome Navigator asks about Subject 
> Alternative Name instead of the Common Name.
>
> I want to distribute a little openssl.cnf file for creating the CSR 
> files with my specific values and establish the Subject Alternative 
> Name = Common Name. I want to ask about the CN and assign this value 
> to SAN.
>
> This is my beta /openssl.cnf/ file:
>
> *Sorry for the comments in Spanish
>
> I do not know how to set a variable (CN Variable) to assign to the SAN value.

In my limited knowledge, you can't copy the CN name into the SAN in the 
configuration.
An obvious yet clumsy workaround is to have a shell script ask for the 
FQDN, set a shell variable with the CN value and then recall the ENV 
variable from inside openssl.cnf, or you can have the script dynamically 
write/edit openssl.cnf with the user-entered value.

> -------------------------------- 8< -------------------------------- 8< -----------------------------------
> #
> # This file generates the CSRs for our systems with the agreed
> # parameters.
> #
> # openssl genrsa -aes256 -out www.rra.lan.key 2048 -config opensslMiCasa.cnf
> #
>
> # We set a working directory, the current one to be exact.
>
> dir                             = .
>
> [ req ]
> default_bits                    = 2048    # Size of keys
> default_keyfile                 = key.pem     # name of generated keys
> default_md                      = sha256    # message digest algorithm
> string_mask                     = nombstr     # permitted characters
> distinguished_name              = req_distinguished_name
> req_extensions                  = v3_req
>
> [ req_distinguished_name ]
> # Variable name                         Prompt string
> #-------------------------  ----------------------------------
> 0.organizationName              = Nombre de la Organizacion
> organizationalUnitName          = Mi Casa [Desarrollo|Infraestructuras|Laboratorio]
> emailAddress                    = Cuenta de Correo
> emailAddress_max                = 64
> localityName                    = Localidad
> stateOrProvinceName             = Comunidad Autónoma
> countryName                     = ISO 3166-1 Codigo de País
> countryName_min                 = 2
> countryName_max                 = 2
> commonName                      = Common Name
>
> # Default values for the above, for consistency and less typing.
> # Variable name                         Value
> #------------------------ ------------------------------
> 0.organizationName_default      = Mi Casa
> organizationalUnitName_default  = Mi Casa Infraestructuras
> localityName_default            = Madrid
> stateOrProvinceName_default     = Comunidad de Madrid
> countryName_default             = ES
>
> [ v3_req ]
> basicConstraints                = CA:FALSE
> subjectKeyIdentifier            = hash
> subjectAltName                  =
> -------------------------------- >8 -------------------------------- >8 -----------------------------------
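
The workaround described in the reply above, sketched as an added example (not code from the original thread or from the OpenSSL project): a wrapper reads the FQDN, validates it, and hands it to `openssl req` through an environment variable that the config references as `${ENV::SAN_CN}`. The names `SAN_CN`, `valid_fqdn`, `write_cnf` and `make_csr`, and the cut-down config with `prompt = no`, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; SAN_CN and all function names are hypothetical.
LC_ALL=C; export LC_ALL

# Accept only hostname characters and label structure, so input such as
# "www.rra.lan,DNS:other.lan" cannot add extra subjectAltName entries.
valid_fqdn() {
    case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Write a cut-down config (constructed sample). The quoted heredoc keeps
# ${ENV::SAN_CN} literal so that OpenSSL, not the shell, expands it.
write_cnf() {
    cat > "$1" <<'EOF'
[ req ]
default_md           = sha256
prompt               = no
distinguished_name   = req_distinguished_name
req_extensions       = v3_req
[ req_distinguished_name ]
organizationName     = Mi Casa
countryName          = ES
commonName           = ${ENV::SAN_CN}
[ v3_req ]
basicConstraints     = CA:FALSE
subjectKeyIdentifier = hash
subjectAltName       = DNS:${ENV::SAN_CN}
EOF
}

# make_csr <fqdn> <existing key file> <csr output file>
make_csr() {
    valid_fqdn "$1" || { echo "rejected hostname: $1" >&2; return 1; }
    cnf=$(mktemp) || return 1
    write_cnf "$cnf"
    SAN_CN="$1" openssl req -new -config "$cnf" -key "$2" -out "$3"
    rc=$?
    rm -f "$cnf"
    return "$rc"
}

# Interactive use: ./mkcsr.sh <key file> <csr file>
if [ "$#" -eq 2 ]; then
    printf 'FQDN: '; read -r fqdn
    make_csr "$fqdn" "$1" "$2"
fi
```

If `SAN_CN` is unset, OpenSSL fails to load this config because the referenced variable has no value, so the file is only usable through the wrapper.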
