How to create a SAN certificate
Michael Richardson
mcr at sandelman.ca
Sat May 21 10:45:26 UTC 2022
Henning Svane <hsv at energy.dk> wrote:
> I am using OpenSSL 1.1.1f Is there a way to make a SAN certificate
> based on the CSR I have created in Exchange. I need a self-signed
> certificate for testing.
I'm not exactly sure what you think a SAN certificate is.
I guess one with a SubjectAltName extension. Mostly, all certificates have
that these days, but whether or not the Subject is entirely filled out is a
different question.
To form a self-signed certificate from a CSR, use openssl req.
You may need a configuration file, serial number, expiry and algorithm.
You'll need access to the private key.
See: https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki#section-4.2
Some of us maintain a document on generated test CAs for ECDSA and EDDSA
key types at: https://github.com/henkbirkholz/draft-moskowitz-ecdsa-pki
while it is in the form of an IETF ID, it is not intended for publication.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220521/b572aa15/attachment.sig>
More information about the openssl-users
mailing list