On 03.11.2015 18:45, John Lewis wrote:
> On 11/03/2015 12:04 PM, Walter H. wrote:
>> On 03.11.2015 14:46, John Lewis wrote:
>>> I created a local certification authority using this tutorial
>>> https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian
>>> and made a certification request using this tutorial and I use this
>>> tutorial to learn how to make a request with a Subject Alternate Name.
>>>
>>> I actually did manage to get lucky just now and I hypothesize that
>>> running a command like this
>>> 'openssl ca -in ldap01.req -out certs/new/ldap04.pem -extensions v3_req -config ./openssl.cnf'
>>> as opposed to running a command like this
>>> 'openssl ca -in ldap01.req -out certs/new/ldap04.pem -config ./openssl.cnf'
>>> got my CA to create a cert with subject alternate names. How do I add
>>> '-extensions v3_req' to my ca configuration and have it not be ignored?
>> add the following parameter(s):
>>
>>   -extensions sslcertext -extfile file
>>
>> this file is similar to the following
>>
>> [ sslcertext ]
>> basicConstraints = CA:false
>> keyUsage = critical, digitalSignature, keyEncipherment
>> subjectKeyIdentifier = hash
>> authorityKeyIdentifier = keyid:always, issuer:always
>> authorityInfoAccess = OCSP;URI:#OCSP-URL#/, caIssuers;URI:#DER-CACERT-URL#
>> issuerAltName = issuer:copy
>> subjectAltName = #SUBJECTALTNAME#
>> extendedKeyUsage = serverAuth, msSGC, nsSGC
>> certificatePolicies = ia5org, @policy_section
>> crlDistributionPoints = URI:#CRL-URL#
>>
>> [ policy_section ]
>> policyIdentifier = #POLICYID#
>> CPS.1 = #CPS-URL#
> Do I replace my current [v3_req] section with the contents of [sslcertext]

No, you add this part, because v3_req is used for the certificate request ...

and I have forgotten to mention, that #...# must be replaced with the right values;
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
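Added example, not part of the original thread: a scratch CA that signs the same request once without and once with `-extensions sslcertext -extfile`, so the effect on subjectAltName can be checked. The file names (`ca.cnf`, `ext.cnf`), the `demo_ca` section, the host names and the two function names are constructed for this illustration.

```shell
#!/bin/sh
# Added example: throwaway CA in a scratch directory; all names are constructed.
# build_demo DIR: create a CA and one request, then sign the request twice.
build_demo() (
    cd "$1" || exit 1
    mkdir -p newcerts && : > index.txt && echo 01 > serial
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
new_certs_dir = newcerts
serial = serial
certificate = ca.pem
private_key = ca.key
default_md = sha256
default_days = 30
unique_subject = no
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
    # Reduced form of the [ sslcertext ] section, #SUBJECTALTNAME# filled in.
    cat > ext.cnf <<'EOF'
[ sslcertext ]
basicConstraints = CA:false
keyUsage = critical, digitalSignature, keyEncipherment
subjectAltName = DNS:ldap01.example.test, DNS:ldap.example.test
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA" -keyout ca.key -out ca.pem 2>/dev/null &&
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=ldap01.example.test" -keyout ldap01.key -out ldap01.req 2>/dev/null &&
    # No -extensions: nothing tells the CA to add a subjectAltName.
    openssl ca -batch -notext -config ca.cnf -in ldap01.req -out plain.pem 2>/dev/null &&
    # Extension section named explicitly and read from the extra file.
    openssl ca -batch -notext -config ca.cnf -extensions sslcertext \
        -extfile ext.cnf -in ldap01.req -out san.pem 2>/dev/null
)

# has_san CERT: succeed only if the certificate lists the expected DNS name.
has_san() {
    openssl x509 -in "$1" -noout -text | grep -q 'DNS:ldap01.example.test'
}
```

Run `build_demo` on an empty directory, then `has_san` on `san.pem` and `plain.pem` to compare the two certificates. Setting `x509_extensions = sslcertext` in the CA section of the configuration makes `openssl ca` apply that section by default, without `-extensions` on each run.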