[openssl-users] 802.1AR certificate generation and the config file

Robert Moskowitz rgm at htt-consult.com
Mon Aug 14 16:55:34 UTC 2017

On 08/14/2017 07:16 AM, Michael Ströder wrote:
> Robert Moskowitz wrote:
>> I am getting a SAN in the csr e.g.:
>>          Attributes:
>>          Requested Extensions:
>>              X509v3 Subject Alternative Name:
>>                  IP Address:
>> [..]
>> But I am not getting SAN in the cert.  Perhaps I need something for SAN in the
>> -extensions section?  Right now I only have:
> Are you using "openssl ca" for signing the cert?

Yes, I am.

> If yes, you could add the line
> copy_extensions = copy
> to your CA config section.
> http://cmrg.fifthhorseman.net/wiki/SubjectAltName
> https://wiki.openssl.org/index.php/Manual:Ca%281%29#CONFIGURATION_FILE_OPTIONS
> Ciao, Michael.

Thanks.  That works.  Now that I can get a SAN into the certs I need to 
research using othername and what a hardwaremodulename OID looks like 
and make it happen.  Got to google some and ask around more.

Again thanks for helping me get this far.


More information about the openssl-users mailing list