Dear All,
My TLS client can validate both CN and SN & i need to test both the
scenario.
I don't know how to create certificate with “subjectAltName extension”
using openssl commands.
In the RFC-2818 , there are two ways of Certificate Validation for Host name
1) CN (Common Name)
2) SN( Subject Name)
If a subjectAltName extension of type dNSName is present, that MUST
be used as the identity. Otherwise, the (most specific) Common Name
field in the Subject field of the certificate MUST be used. Although
the use of the Common Name is existing practice, it is deprecated and
Certification Authorities are encouraged to use the dNSName instead.
I created Self-signed certificate using open-ssl commands and my
certificate chain looks like below where CN=10.204.4.69
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key
-out server.crt
My Certificate chain
===============
0 s:/C=IN/ST=Karnataka/L=Bangalore/O=Home
Inc/OU=TLS/CN=10.204.4.69/emailAddress=ssr...@www.https.com
i:/C=IN/ST=Karnataka/L=Bangalore/O=Home
Inc/OU=TLS/CN=10.204.4.69/emailAddress=ssr...@www.https.com
Please tell how to create certificate with “subjectAltName extension” using
openssl commands ?
Thanks in advance.
Regards,
Rout
--
View this message in context:
http://old.nabble.com/Please-Help%3A-Certificate-Validation-using-subjectAltName-extension-tp32906983p32906983.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
