[openssl-users] [openssl]: Subject alternative names not recognized when signing certificates
Carsten
openssl-mailman at familie-lahme.de
Sat Sep 22 12:28:31 UTC 2018
Hi list,
this is about setting up a certificate authority to sign incoming
(forgeign) certificate requests.
I have installed
####################################
/var/caintermed # openssl version -a
OpenSSL 1.1.2-dev xx XXX xxxx
built on: Fri Sep 21 10:19:51 2018 UTC
platform: linux-armv4
options: bn(64,32) rc4(char) des(long) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -march=armv7-a -Wa,--noexecstack -Wall -O3
-DOPENSSL_USE_NODELETE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM
-DSHA512_ASM -DKECCAK1600_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib/engines-1.1"
Seeding source: os-specific
############################################################
My setup is based on this:
https://jamielinux.com/docs/openssl-certificate-authority/create-the-root-pair.html
I can sign certificate requests successfully, BUT....
if the request contains SAN attributs (subjectalternatenames) they are
ignored -not visible in the signed certificate.
I found many exambles how to create a SAN-Certificate using the
selfsigned mechanism, but that is not what I want.
Is there any how-to in the wild, how to set up a fully working CA
including SAN (v3) attributs?
br
Carsten
More information about the openssl-users
mailing list