For setup of a Postfix box that will serve multiple virtual domains, I
would like to generate one cert for all hostnames at which this box will
be able to be reached.

Following an example in a post from Victor Duchovni [0], I configured the
subjectAltName parameter in openssl.cnf with four hostnames and generated
a cert. However, I still see only one CN in the resulting cert.

I've pasted below the subjectAltName stuff from my openssl.cnf, and here
are the commands I used to generate the cert:

    openssl req -new -nodes -keyout /root/CA/private/lance-cyrus.key \
        -out csrs/lance-cyrus.csr -config ./openssl.cnf \
        -extensions server

    openssl ca -out certs/lance-cyrus.pem \
        -in csrs/lance-cyrus.csr -config ./openssl.cnf \
        -extensions server

But when I view the cert with this command I only see one CN:

    openssl x509 -in certs/lance-cyrus.pem -noout -text

Thanks in advance for clues on getting subjectAltName working.

dn

[0] http://tinyurl.com/tqhhb

from my openssl.cnf:

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Some CAs do not yet support subjectAltName in CSRs.
# Instead the additional names are form entries on web
# pages where one requests the certificate...
subjectAltName = @alt_names

[alt_names]
DNS.1 = lance.eng.networktest.com
DNS.2 = mail.freedonia.gov
DNS.3 = mail.potrzebie.org
DNS.4 = mail.furshlugginer.org
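
A way to check which extension section actually puts subjectAltName entries into an issued certificate, as an added example that is not part of the original post. It self-signs with `openssl x509 -req` instead of `openssl ca`; the temporary files, the `[ server ]` contents and the `server_nosan` section are assumptions constructed for the demo, since the post does not show its own `[ server ]` section.

```shell
#!/bin/sh
# Constructed demo config: section contents are assumptions; the hostnames
# are the ones from the post's [alt_names] section.
make_cnf() {
cat > "$1" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = lance.eng.networktest.com
[ server ]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[ server_nosan ]
basicConstraints = CA:FALSE
[ alt_names ]
DNS.1 = lance.eng.networktest.com
DNS.2 = mail.freedonia.gov
DNS.3 = mail.potrzebie.org
DNS.4 = mail.furshlugginer.org
EOF
}

# san_count SECTION: issue a throwaway self-signed cert whose extensions come
# from SECTION, then print the number of DNS entries in the cert's
# "X509v3 Subject Alternative Name" extension. Alternative names are listed
# there in the -text output, not as extra CN fields in the Subject line.
san_count() {
    dir=$(mktemp -d) || return 1
    make_cnf "$dir/openssl.cnf"
    openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/key.pem" \
        -out "$dir/csr.pem" -config "$dir/openssl.cnf" 2>/dev/null
    openssl x509 -req -in "$dir/csr.pem" -signkey "$dir/key.pem" -days 1 \
        -extfile "$dir/openssl.cnf" -extensions "$1" \
        -out "$dir/cert.pem" 2>/dev/null
    openssl x509 -in "$dir/cert.pem" -noout -text |
        grep -A1 'Subject Alternative Name' | grep -o 'DNS:' | wc -l | tr -d ' '
    rm -rf "$dir"
}

echo "section [server]:       $(san_count server) SAN entries"
echo "section [server_nosan]: $(san_count server_nosan) SAN entries"
```

Only the section named on the signing command decides what lands in the certificate, so the count is the quickest check that the intended section was used.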