AW: Configuration file for subjectAltName

Tue, 18 Sep 2007 12:23:27 -0700 

# subjectAltName          = @alt_names

should be uncommented :-)

-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Victor
Duchovni
Gesendet: Dienstag, 18. September 2007 21:06
An: openssl-users@openssl.org
Betreff: Re: Configuration file for subjectAltName

On Tue, Sep 18, 2007 at 01:46:42PM -0500, Murphy, David F wrote:

> Exchange 2007 certificates and the autodiscovery functions:
>  
> According to this Microsoft article:
> http://msexchangeteam.com/archive/2007/07/02/445698.aspx
> <http://msexchangeteam.com/archive/2007/07/02/445698.aspx>  a 
> certificate with Subject Alternative Names (SAN) is the recommended 
> method to purpose the use of the 'autodiscovery feature'.
>  
> For example, I need to add the following three DNS names using the SAN
> extensions:
>  
> exchangemail.mysite.com
> mysite.com
> autodiscover.mysite.com
> 
> Has anyone out there done this already?  If so, would you please share 
> the openssl.cnf that you used and the commands you executed to utilize 
> the configuration file?

Config file:

    [ req ]
    default_bits            = 1024
    default_md              = sha1
    default_keyfile         = key.pem
    distinguished_name      = req_distinguished_name
    prompt                  = no
    string_mask             = nombstr
    req_extensions          = v3_req

    [ req_distinguished_name ]
    countryName             = US
    stateOrProvinceName     = New York
    localityName            = New York
    organizationName        = Acme Inc
    organizationalUnitName  = IT insecurity
    commonName              = www.example.com
    emailAddress            = [EMAIL PROTECTED]

    [ v3_req ]
    basicConstraints        = CA:FALSE
    keyUsage                = nonRepudiation, digitalSignature,
keyEncipherment

    # Verisign managed PKI, does not yet support subjectAltName in CSRs,
instead
    # they prompt for these in the enrollment form...
    # If your CA support SAN CSRs, uncomment below.
    # subjectAltName          = @alt_names

    [ alt_names ]
    DNS.1 = www.example.com
    DNS.2 = 0wn3d.example.com

Generate the CSR:

    (umask 077; openssl genrsa -out key.pem 1024)
    openssl req -config conf.cnf -new -key key.pem -out req.pem

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to