> From: owner-openssl-us...@openssl.org On Behalf Of Benoit Rouleau > Sent: Friday, 11 November, 2011 12:19
> I have a problem. I am attempting to generate a self-signed > (for internal use) certificate with multiple SAN and all I can get > is a V1 certificate with no SAN at all. <snip> > OpenSSL genrsa -out test.key 2048 > OpenSSL req -new -key test.key -config test.cfg -out test.csr > OpenSSL x509 -req -days 3650 -signkey test.key -in test.csr -out test.crt x509 -req doesn't copy 'requested' extensions from the CSR to the cert. Options: - don't put SAN in the req, use x509 -req -extensions [-extfile] to add it to the cert. - don't bother with x509, use req -new -x509 -extensions [-config] to create the selfsigned cert directly with (Subject &) SAN - don't use selfsigned, put SAN in the req, use ca with copy_extensions=copy in its config file ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
