./CA.pl -newreq specify servername

Paul Nelson nelson at openssl.org
Fri Feb 19 18:17:52 UTC 2021 

For OpenSSL 1.0.2:

Are you asking how to get a DNS Subject Alternative Name extension into the certificate?
You would need to edit an openssl.cnf file and add the proper stuff to get this extension. Check the man page for x509v3_config.
The item you want to put in the config file is subjectAltName=DNS:myserver.mydom.com <http://myserver.mydom.com/>

Also see the man page for ca and config

You may need to run the openssl ca command directly instead of using CA.pl so you can use the -extensions argument.

> On Feb 16, 2021, at 8:22 PM, Kaushal Shriyan <kaushalshriyan at gmail.com> wrote:
> 
> 
> 
> On Tue, 16 Feb 2021 at 6:02 AM, Kaushal Shriyan <kaushalshriyan at gmail.com <mailto:kaushalshriyan at gmail.com>> wrote:
> Hi,
> 
> I am running CentOS Linux release 7.9.2009 (Core).
> 
> #rpm -qa | grep openssl
> openssl-devel-1.0.2k-21.el7_9.x86_64
> openssl-libs-1.0.2k-21.el7_9.x86_64
> openssl-1.0.2k-21.el7_9.x86_64
> openssl-perl-1.0.2k-21.el7_9.x86_64
> 
> cd /etc/pki/tls/misc
> [root at basheerdevops misc]# ll
> total 64
> -rwxr-xr-x. 1 root root 5178 Dec 17 02:53 CA
> -rwxr-xr-x  1 root root 5691 Dec 17 02:53 CA.pl
> -rwxr-xr-x. 1 root root  119 Dec 17 02:53 c_hash
> -rwxr-xr-x. 1 root root  152 Dec 17 02:53 c_info
> -rwxr-xr-x. 1 root root  112 Dec 17 02:53 c_issuer
> -rwxr-xr-x. 1 root root  110 Dec 17 02:53 c_name
> -rw-r--r--  1 root root 4837 Feb 16 05:51 newcert.pem
> -rw-r--r--  1 root root 1834 Feb 16 05:49 newkey.pem
> -rw-r--r--  1 root root 1115 Feb 16 05:49 newreq.pem
> -rwxr-xr-x  1 root root 6419 Dec 17 02:53 target
> 
>  #./CA.pl -newreq --> is there a way to specify server name? For example gitlabinternal.  By default, it saves in file newcert.pem
>  #./CA.pl -sign 
> 
> I ran the below command to copy 
> #cp newcert.pem gitlabinternal.pem 
> #openssl x509 -in gitlabinternal.pem -noout -text
> 
> Is there a way to specify servername in ./CA.pl -newreq  command ? Please suggest further. Thanks in advance. 
> 
> Best Regards,
> 
> Kaushal
> 
> Hi,
> 
> I will appreciate if someone can pitch in for my earlier email post to this mailing list. 
> 
> Thanks in Advance.
> 
> Best Regards,
> 
> Kaushal

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210219/466b3dec/attachment-0001.html>

More information about the openssl-users mailing list