1.OU or OU.1 ?

Dirk-Willem van Gulik dirkx at webweaving.org
Fri Mar 20 21:26:13 UTC 2020

> On 20 Mar 2020, at 22:12, Salz, Rich via openssl-users <openssl-users at openssl.org> wrote:
> The doc/man5/config.pod file says to use
>                 1.OU = “My first OU”
>                 2.OU = “My second OU”
> But doc/man5/x509v3_config.pod says to append the numeric, as in
>                 email.1 = steve at here
>                 email.2 = steve at there
> I believe the second form is correct.  Can anyone confirm?

AFAIK: Either simply like (e.g. in an extension file):

	 subjectAltName=email:foo at x,email:bar at x

or more listed like your second form:

	[ v3_req ]
	subjectAltName = @extrabits

	[ extrabits ]

or straight (ordered) directly:

	openssl req -x509 -subj /CN=foo/CN=bar -keyout /dev/null -nodes| openssl x509 -noout -subject  


More information about the openssl-users mailing list