<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 11/03/2015 12:04 PM, Walter H.
wrote:<br>
</div>
<blockquote cite="mid:5638E91B.8000300@mathemainzel.info"
type="cite">On 03.11.2015 14:46, John Lewis wrote:
<br>
<blockquote type="cite">I created a local certification authority
using this tutorial
<br>
<a class="moz-txt-link-freetext" href="https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian">https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian</a>
<br>
and made a certification request using this tutorial and I use
this
<br>
tutorial to learn how to make a request with a Subject Alternate
Name.
<br>
<br>
I actually did manage to get lucky just now and I hypothesize
that
<br>
running a command like this 'openssl ca -in ldap01.req -out
<br>
certs/new/ldap04.pem -extensions v3_req -config ./openssl.cnf'
as
<br>
opposed to running a command like this 'openssl ca -in
ldap01.req -out
<br>
certs/new/ldap04.pem -config ./openssl.cnf' got my CA to create
a cert
<br>
with subject alternate names. How do I add '-extensions v3_req'
to my ca
<br>
configuration and have it be not be ignored?
<br>
<br>
</blockquote>
<br>
add the following parameter(s):
<br>
<br>
-extensions sslcertext -extfile file
<br>
this file is similar to the following
<br>
<br>
[ sslcertext ]
<br>
basicConstraints = CA:false
<br>
keyUsage = critical, digitalSignature, keyEncipherment
<br>
subjectKeyIdentifier = hash
<br>
authorityKeyIdentifier = keyid:always, issuer:always
<br>
authorityInfoAccess = OCSP;URI:#OCSP-URL#/,
caIssuers;URI:#DER-CACERT-URL#
<br>
<br>
issuerAltName = issuer:copy
<br>
subjectAltName = #SUBJECTALTNAME#
<br>
<br>
extendedKeyUsage = serverAuth, msSGC, nsSGC
<br>
<br>
certificatePolicies = ia5org, @policy_section
<br>
crlDistributionPoints = URI:#CRL-URL#
<br>
<br>
[ policy_section ]
<br>
policyIdentifier = #POLICYID#
<br>
CPS.1 = #CPS-URL#
<br>
<br>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
openssl-users mailing list
To unsubscribe: <a class="moz-txt-link-freetext" href="https://mta.openssl.org/mailman/listinfo/openssl-users">https://mta.openssl.org/mailman/listinfo/openssl-users</a>
</pre>
</blockquote>
<br>
Do I replace my current [v3_req] section with the contents of
[sslcertext]?
</body>
</html>