Re: OpenSSL CA and signing certs with SANs

2014-01-08 Thread Michael Ströder
Jakob Bohm wrote: > On 1/7/2014 12:17 AM, Biondo, Brandon A. wrote: >> I am using ‘ca’ not ‘x509’. It too ignores/discards extensions. Turning >> on copy_extensions solved the issue though, thanks. I have some >> follow-up questions: >> >> 1.If including SANs in CSRs is non-standard, what is the ac

RE: OpenSSL CA and signing certs with SANs

2014-01-07 Thread Dave Thompson
Brandon A. Sent: Monday, January 06, 2014 18:18 To: openssl-users@openssl.org Subject: RE: OpenSSL CA and signing certs with SANs I am using 'ca' not 'x509'. It too ignores/discards extensions. Turning on copy_extensions solved the issue though, thanks. I have some follow-up q

Re: OpenSSL CA and signing certs with SANs

2014-01-07 Thread Jakob Bohm
those specific SANs, as well as any other unusual extensions. *From:*owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] *On Behalf Of *Dave Thompson *Sent:* Monday, January 06, 2014 5:38 PM *To:* openssl-users@openssl.org *Subject:* RE: OpenSSL CA and signing certs with SANs

Re: OpenSSL CA and signing certs with SANs

2014-01-06 Thread Harlan Stenn
You might want to ask the CAcert folks what they do. I generate certs thru them with SANs all the time. -- Harlan Stenn http://networktimefoundation.org - be a member! __ OpenSSL Project http://

RE: OpenSSL CA and signing certs with SANs

2014-01-06 Thread Biondo, Brandon A.
icate? From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, January 06, 2014 5:38 PM To: openssl-users@openssl.org Subject: RE: OpenSSL CA and signing certs with SANs It is debatable whether putting SAN in the request is really '

Re: OpenSSL CA and signing certs with SANs

2014-01-06 Thread Viktor Dukhovni
On Mon, Jan 06, 2014 at 09:16:16PM +, Biondo, Brandon A. wrote: > I am having trouble tracking down information regarding how you > reconfigure an OpenSSL CA to handle SANs in requests. When you use > an OpenSSL CA to sign this type of request, the certificate is made > without issue but the S

RE: OpenSSL CA and signing certs with SANs

2014-01-06 Thread Dave Thompson
#x27;? The latter is IME much more common. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Biondo, Brandon A. Sent: Monday, January 06, 2014 16:16 To: openssl-users@openssl.org Subject: OpenSSL CA and signing certs with SANs Hello, Forgive

OpenSSL CA and signing certs with SANs

2014-01-06 Thread Biondo, Brandon A.
Hello, Forgive me if I breach etiquette. This is my first post to this list in quite a while. I am having trouble tracking down information regarding how you reconfigure an OpenSSL CA to handle SANs in requests. There is a wealth of information on how to configure OpenSSL to form a proper requ