Mark van Beek wrote:
Thanx for all the info, after a lot of trying I have created a working certificate. For now I have just a few question left, is it possible (without (shell)scripts) to (and how to do so): 1) include a .conf file with the subjectAltName extension configured for a certain certificate.
You can edit / create the .conf file before you sign the certificate.
2) include the subjectAltName in a CSR to sign by a CA (which for now is a self-signed CA, but might be a real CA someday).
Usually the extensions are dropped on signing...
3) enter the subjectAltName the same way you enter a commonName
That was my patch for:
You set the host name as common name and the config entry
subjectAltName=DNS:copy.commonName
will copy it into the subjectAltName extension.
With the config entry
subjectAltName=DNS:move.commonName
the common name of the request will be moved into the subjectAltName
extension (and becoming a DNS name)
With the part after the copy. and move. part you say
which part of the DN will be used in the subjectAltName extension
Bye
Goetz
--
DMCA: The greed of the few outweighs the freedom of the many
smime.p7s
Description: S/MIME Cryptographic Signature
