Hi, On 13 October 2017 at 12:03, lists <li...@rustichelli.net> wrote:
> On 10/10/2017 05:40 PM, Jorge Novo wrote: > > As most of us know, the Google Chrome Navigator ask about Subject > Alternative Name instead the Common Name. > > I want to distribute a little *openssl.cnf* file for creation the CSR > files with my specific values and establish the Subject Alternative Name = > Common Name. I want yo ask about the CN and assign this value to SAN. > > This is my beta *openssl.cnf* file: > > *Sorry for the comments in Spanish > > I do not how to set a variable (CN Variable) to assign to SAN value. > > > In my limited knowledge, you can't copy the CN name into the SAN in the > configuration. > Obvious yet clumsy workaround is to have a shell script ask for the FQDN, > set a shell variable with the CN value and then recall the ENV variable > from inside openssl.cnf, or you can have the script dynamically write/edit > opessl.cnf with the user-entered value. > This is correct, it does not exist any configuration to copy the CN to SNA or vice versa, although it is weird because, in fact it exists, a configuration to copy the SMA email address from the distinguished name. This can be done with these settings subjectAltName=email:copy or subjectAltName=email:move. With move I can not confirm it. https://www.openssl.org/docs/man1.1.0/apps/x509v3_config.html _Subject Alternative Name_ [...] The email option include a special 'copy' value. This will automatically include any email addresses contained in the certificate subject name in the extension. [...] My solution for this was: # export Cert_Name=www.micasa.local # openssl req -new -keyout $Cert_Name.key -out $Cert_Name.csr -config opensslMiCasa.cnf # unset $Cert_Name --- SALUDE3. http://www.rodeiroag.es/ http://soloeningles.blogspot.com/
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
