On Thu, Feb 14, 2013 at 05:37:00AM +0000, Viktor Dukhovni wrote: > On Thu, Feb 14, 2013 at 04:11:33AM +0000, Viktor Dukhovni wrote: > A more complete example: > > $ cat openssl.cnf > [ req ] > distinguished_name = dn > req_extensions = san > [ dn ] > [ san ] > subjectAltName = DNS:mail.example.com, DNS:smtp.example.com > > $ umask 077 > $ openssl req -new -newkey rsa:1024 -keyout key.pem -nodes \ > -config openssl.cnf -sha1 -subj "/" -out csr.pem > $ umask 022
I tried it with the following command based on your example: openssl req \ -new -newkey rsa:4096 \ -nodes \ -config test-no-cn.cnf \ -subj "/" \ -outform der -out test-no-cn.csr \ -keyout test-no-cn.key I used this configuration file: [req] default_bits = 4096 prompt = no encrypt_key = no default_md = sha256 distinguished_name = dn req_extensions = san [dn] [san] subjectAltName = DNS:example.com subjectAltName = email:username I don't get the working CSR, I only get this different error, now: error, no objects specified in config file problems making Certificate Request Is it possible something's wrong with my version of OpenSSL, or did I miss something in the steps you provided? > Viktor. Thank you very much for taking a second look at all of this for me. It really helps to have another set of eyes on the problem sometimes. Regards, Matthew ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
