Correct me if I'm wrong, but your script uses x509 command. I was asking if
it is possible to do this using the "ca" command.
On Thu, Jan 14, 2016 at 2:28 PM, Viktor Dukhovni wrote:
> On Thu, Jan 14, 2016 at 01:08:02PM +, Gareth Williams wrote:
>
> > On Thursday 14 January 2016 10:59:01 Maur
On Thu, Jan 14, 2016 at 01:08:02PM +, Gareth Williams wrote:
> On Thursday 14 January 2016 10:59:01 Mauro Romano Trajber wrote:
> > Could you send me the ca command line? There's any way to run it without
> > creating a .cnf - using only <(print notation?
>
> To be honest, I don't know whethe
On Thursday 14 January 2016 11:17:48 Mauro Romano Trajber wrote:
> There's any advantage to use ca command instead x509 command? Why there's
> two different ways to sign a certificate request?
The x509 command is simply there to generate/manipulate X.509 format
certificates.
The ca command opera
There's any advantage to use ca command instead x509 command? Why there's
two different ways to sign a certificate request?
On Thu, Jan 14, 2016 at 11:08 AM, Gareth Williams <
gar...@garethwilliams.me.uk> wrote:
> On Thursday 14 January 2016 10:59:01 Mauro Romano Trajber wrote:
> > Could you send
On Thursday 14 January 2016 10:59:01 Mauro Romano Trajber wrote:
> Could you send me the ca command line? There's any way to run it without
> creating a .cnf - using only <(print notation?
To be honest, I don't know whether you could run it purely from the command
line without a config file as th
Could you send me the ca command line? There's any way to run it without
creating a .cnf - using only <(print notation?
On Thu, Jan 14, 2016 at 6:07 AM, Gareth Williams <
gar...@garethwilliams.me.uk> wrote:
> On Wednesday 13 January 2016 16:22:10 Mauro Romano Trajber
> wrote:
> > In which section
On Wednesday 13 January 2016 16:22:10 Mauro Romano Trajber
wrote:
> In which section?
>
> On section [CA_default] I have 'copy_extensions = copy'
Is that the issue? You have copy_extensions in the CA_default
section, which is no doubt referenced to by the default_ca = ... stanza
earlier in th
Thanks,
I could not make subjectAltName copy at all. I try several ways without
success - subjectAltName=IP:copy its not a valid option
like subjectAltName=email:copy.
What works for me (but doesn't seems to be the correct solution) is pass
the extfile to x509 command with subjectAltName data aga
> On Jan 13, 2016, at 1:22 PM, Mauro Romano Trajber wrote:
>
> In which section?
>
> On section [CA_default] I have 'copy_extensions = copy'
In case you find it useful, I am attaching a bash script I use to
generate certificate chains for various automated tests.
This does not use any customi
In your ca_defualt you should have a x509_extensions field that references
another stanza. That other stanza needs the copy. I don’t know if
copy_extensions copies everything. ☹
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/
In which section?
On section [CA_default] I have 'copy_extensions = copy'
Can I do this using only command line options?
On Wed, Jan 13, 2016 at 3:42 PM, Salz, Rich wrote:
> >But when I try to sign it using my own CA using the x509 command this
> data is removed
>
> You need to make sure that
>But when I try to sign it using my own CA using the x509 command this data is
>removed
You need to make sure that subjectAltName is marked as copy in your config file.
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/list
Hi,
I created a CSR with subjectAlternativeNames:
$ openssl req -noout -in my.csr -text
Requested Extensions:
X509v3 Subject Alternative Name:
IP Address:1.1.1.1, DNS:www.example.com
...
But when I try to sign it using my own CA using the x509 command this data
13 matches
Mail list logo
