[openssl-users] 802.1AR certificate generation and the config file
rgm at htt-consult.com
Mon Aug 14 16:55:34 UTC 2017
On 08/14/2017 07:16 AM, Michael Ströder wrote:
> Robert Moskowitz wrote:
>> I am getting a SAN in the csr e.g.:
>> Requested Extensions:
>> X509v3 Subject Alternative Name:
>> IP Address:192.168.2.1
>> But I am not getting SAN in the cert. Perhaps I need something for SAN in the
>> -extensions section? Right now I only have:
> Are you using "openssl ca" for signing the cert?
Yes, I am.
> If yes, you could add the line
> copy_extensions = copy
> to your CA config section.
> Ciao, Michael.
Thanks. That works. Now that I can get a SAN into the certs I need to
research using othername and what a hardwaremodulename OID looks like
and make it happen. Got to google some and ask around more.
Again thanks for helping me get this far.
More information about the openssl-users