[openssl-users] Cant get the subjectALtName inot the root cert

Robert Moskowitz rgm at htt-consult.com
Thu Aug 17 22:30:11 UTC 2017

I guess I am making progress.  I am not getting SAN into the root cert.  
my cnf has in it:

[ req ]
# Options for the `req` tool (`man req`).
default_bits        = 2048
prompt              = no
distinguished_name  = req_distinguished_name
string_mask         = utf8only
req_extensions      = req_ext

[ req_ext ]
#subjectAltName = email:$ENV::adminemail
#subjectAltName = email:admin at htt-consult.com
subjectAltName = IP:

I tried all three above alternatives for SAN.  No SAN in the root cert 
created with:

openssl req -config openssl-root.cnf -key private/ca.key.pem \
       -new -x509 -days 7300 -sha256 -extensions v3_ca -out 

Thanks for any insight.

This type of cnf worked for creating a CSR and with the copy option the 
SAN made it into the cert.



More information about the openssl-users mailing list