[openssl-users] 802.1AR certificate generation and the config file

Michael Ströder michael at stroeder.com
Mon Aug 14 11:16:13 UTC 2017

Robert Moskowitz wrote:
> I am getting a SAN in the csr e.g.:
>         Attributes:
>         Requested Extensions:
>             X509v3 Subject Alternative Name:
>                 IP Address:
> [..]
> But I am not getting SAN in the cert.  Perhaps I need something for SAN in the
> -extensions section?  Right now I only have:

Are you using "openssl ca" for signing the cert?

If yes, you could add the line

copy_extensions = copy

to your CA config section.



Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170814/4af74aef/attachment.bin>

More information about the openssl-users mailing list