[openssl-users] Cant get the subjectALtName inot the root cert
Robert Moskowitz
rgm at htt-consult.com
Thu Aug 17 22:30:11 UTC 2017
I guess I am making progress. I am not getting SAN into the root cert.
my cnf has in it:
[ req ]
# Options for the `req` tool (`man req`).
default_bits = 2048
prompt = no
distinguished_name = req_distinguished_name
string_mask = utf8only
req_extensions = req_ext
[ req_ext ]
#subjectAltName = email:$ENV::adminemail
#subjectAltName = email:admin at htt-consult.com
subjectAltName = IP:192.168.24.1
I tried all three above alternatives for SAN. No SAN in the root cert
created with:
openssl req -config openssl-root.cnf -key private/ca.key.pem \
-new -x509 -days 7300 -sha256 -extensions v3_ca -out
certs/ca.cert.pem
Thanks for any insight.
This type of cnf worked for creating a CSR and with the copy option the
SAN made it into the cert.
thanks
Bob
More information about the openssl-users
mailing list