[openssl-users] 802.1AR certificate generation and the config file

Michael Ströder michael at stroeder.com
Mon Aug 14 11:16:13 UTC 2017


Robert Moskowitz wrote:
> I am getting a SAN in the csr e.g.:
> 
>         Attributes:
>         Requested Extensions:
>             X509v3 Subject Alternative Name:
>                 IP Address:192.168.2.1
> [..]
> But I am not getting SAN in the cert.  Perhaps I need something for SAN in the
> -extensions section?  Right now I only have:

Are you using "openssl ca" for signing the cert?

If yes, you could add the line

copy_extensions = copy

to your CA config section.

http://cmrg.fifthhorseman.net/wiki/SubjectAltName

https://wiki.openssl.org/index.php/Manual:Ca%281%29#CONFIGURATION_FILE_OPTIONS

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170814/4af74aef/attachment.bin>


More information about the openssl-users mailing list