[openssl-users] Creating requests and certificates with Subject Alternative Names

Angus Robertson - Magenta Systems Ltd angus at magsys.co.uk
Thu Sep 21 17:56:00 UTC 2017


I'm creating X509 certificate requests and certificates in code, trying
to add X509v3 Subject Alternative Name, with 1.1.0f.  

But if I add a list of four domains, i.e.:

www1.mydomain
www2.mydomain
www3.mydomain
www4.mydomain

The certificate seems to ignore some and repeat others:

X509v3 Subject Alternative Name: 
DNS:www3.mydomain, DNS:www4.mydomain, DNS:www3.mydomain,
DNS:www4.mydomain

Finding documentation for SANs in OpenSSL is very hard, there don't
seem to be high level APIs to create extension content stacks.   The
best I found is set_altname in v3nametest.c which builds a stack of
GENERAL_NAMES and adds it using X509_add1_ext_i2d. 

I must be doing something correct since it half works, but no idea why the
data is corrupted.

To complicate matters, I'm not writing in C, but using Delphi Pascal,
so all the OpenSSL APIs and macros have been converted to Delphi, which
does potentially cause errors in translation.  This is an open source
Delphi interface to OpenSSL.  

Angus
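
One way to check the bytes a binding actually wrote, independent of OpenSSL's text printer (an added example, not code from the original post or from OpenSSL): the SAN extension value is a DER SEQUENCE of GeneralName entries, and each dNSName is a context tag [2] (byte 0x82) over the ASCII name. The names `san_encode`, `san_check` and `SAMPLE_NAMES` are choices made for this example, and the encoder assumes short-form lengths.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: the four names from the post. */
const char *const SAMPLE_NAMES[] = { "www1.mydomain", "www2.mydomain",
                                     "www3.mydomain", "www4.mydomain" };

/* DER length: short form, or long form 0x81/0x82. Returns bytes used, 0 on error. */
static size_t der_len(const unsigned char *p, size_t avail, size_t *out)
{
    if (avail >= 1 && p[0] < 0x80) { *out = p[0]; return 1; }
    if (avail >= 2 && p[0] == 0x81) { *out = p[1]; return 2; }
    if (avail >= 3 && p[0] == 0x82) { *out = ((size_t)p[1] << 8) | p[2]; return 3; }
    return 0;
}

/* Encode GeneralNames as SEQUENCE (0x30) of dNSName [2] (0x82); content < 128 bytes. */
size_t san_encode(const char *const *names, size_t count, unsigned char *out, size_t cap)
{
    size_t pos = 2, i, n;
    if (cap < 2) return 0;
    for (i = 0; i < count; i++, pos += n) {
        n = strlen(names[i]);
        if (n > 127 || n + 2 > cap - pos) return 0;
        out[pos++] = 0x82; out[pos++] = (unsigned char)n;
        memcpy(out + pos, names[i], n);   /* each entry gets its own copy of the name */
    }
    if (pos - 2 > 127) return 0;
    out[0] = 0x30; out[1] = (unsigned char)(pos - 2);
    return pos;                           /* total encoded length, 0 on error */
}

/* 1 if der holds exactly the wanted dNSNames in order, 0 if they differ,
 * -1 if malformed. Other GeneralName types are skipped. */
int san_check(const unsigned char *der, size_t len, const char *const *want, size_t count)
{
    size_t body = 0, used, n, seen = 0, pos;
    used = (len >= 2 && der[0] == 0x30) ? der_len(der + 1, len - 1, &body) : 0;
    if (!used || body != len - 1 - used) return -1;
    for (pos = 1 + used; pos < len; pos += n) {
        unsigned char tag = der[pos++];
        used = der_len(der + pos, len - pos, &n);
        if (!used || n > len - pos - used) return -1;
        pos += used;
        if (tag != 0x82) continue;        /* not a dNSName */
        if (seen >= count || strlen(want[seen]) != n) return 0;
        if (memcmp(want[seen++], der + pos, n)) return 0;
    }
    return seen == count;
}
```

Feed `san_check` the extension's value octets, for instance the contents of the ASN1_OCTET_STRING returned by `X509_EXTENSION_get_data`; the repeated-name output shown in the post makes it return 0.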
