<div dir="ltr">Hi,<br clear="all"><div><div class="gmail_extra"><br><div class="gmail_quote">On 13 October 2017 at 12:03, lists <span dir="ltr"><<a href="mailto:lists@rustichelli.net" target="_blank">lists@rustichelli.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"><span class="gmail-">
<div class="gmail-m_6460428225935130668moz-cite-prefix">On 10/10/2017 05:40 PM, Jorge Novo
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
As most of us know, the Google Chrome Navigator ask about
Subject Alternative Name instead the Common Name.<br>
<br>
I want to distribute a little <i>openssl.cnf</i> file for
creation the CSR files with my specific values and establish
the Subject Alternative Name = Common Name. I want yo ask
about the CN and assign this value to SAN.<br>
<br>
</div>
This is my beta <i>openssl.cnf</i> file:<br>
<br>
*Sorry for the comments in Spanish</div>
<div><br>
</div>
<div>I do not how to set a variable (CN Variable) to assign to
SAN value.<br>
</div>
<div><i><br>
</i></div>
</div>
</blockquote>
<br></span>
In my limited knowledge, you can't copy the CN name into the SAN in
the configuration.<br>
Obvious yet clumsy workaround is to have a shell script ask for the
FQDN, set a shell variable with the CN value and then recall the ENV
variable from inside openssl.cnf, or you can have the script
dynamically write/edit opessl.cnf with the user-entered value.</div></blockquote><br>This is correct, it does not exist any configuration to copy the CN to SNA or</div><div class="gmail_quote">vice versa, although it is weird because, in fact it exists, a configuration to</div><div class="gmail_quote">copy the SMA email address from the distinguished name. This can be</div><div class="gmail_quote">done with these settings subjectAltName=email:copy or</div><div class="gmail_quote">subjectAltName=email:move. With move I can not confirm it.<br></div><div class="gmail_quote"><br></div><div class="gmail_quote"><a href="https://www.openssl.org/docs/man1.1.0/apps/x509v3_config.html">https://www.openssl.org/docs/man1.1.0/apps/x509v3_config.html</a></div><br>_Subject Alternative Name_<br><br>[...]<br>The email option include a special 'copy' value. This will automatically include any email addresses contained in the certificate subject name in the extension.<br>[...]<br><span style="color:rgb(34,34,34);font-family:"PT Serif",Georgia,Times,"Times New Roman",serif;font-size:18.4px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(248,248,248);text-decoration-style:initial;text-decoration-color:initial;display:inline;float:none"></span><div class="gmail_quote"><div><br></div><div><br></div>My solution for this was:<br><br># export Cert_Name=www.micasa.local<br># openssl req -new -keyout $Cert_Name.key -out $Cert_Name.csr -config opensslMiCasa.cnf<br># unset $Cert_Name<div><br></div><div><br><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;display:inline;float:none"></span></div><br><div><div><div class="gmail_signature">---<br><br>SALUDE3.<br><br><a href="http://www.rodeiroag.es/" target="_blank">http://www.rodeiroag.es/</a><br><a href="http://soloeningles.blogspot.com/" target="_blank">http://soloeningles.blogspot.com/</a></div></div>
</div></div></div></div></div>