[openssl-users] 802.1AR certificate generation and the config file

Robert Moskowitz rgm at htt-consult.com
Fri Aug 11 15:54:36 UTC 2017

On 08/11/2017 11:29 AM, Salz, Rich wrote:
>> Given these supported names, what goes into the config file to create a SAN
>> without having to specify it on the command line?
> In the certificate extensions section you do something like:
> 	subjectAltName = dns:www.example.com, IP:
> and so on.  The "pki.tgz"

OK.  I am beginning to get this.  Will set some things up and test.

>> And further it seems you are saying there is no support for HMN at all.
> Right.

What is the procedure to get it added.  RFC 4108 has been around for a 
while, as has 802.1AR-2009.

Though I am assuming from a prior comment that even if it were added 
today, it would not be available until the 1.1.1 release?



More information about the openssl-users mailing list