> On Apr 26, 2017, at 11:55 AM, Murray, Ronald-1 (ANF) > <murr...@dor.state.ma.us> wrote: > > Our certificates, of course, only contained the Common Name (CN), with no > subjectAltName (SAN). I solved the problem by creating new certificates and > hacking openssl.cnf to request a SAN in the CSR.
An appropriate openssl.cnf is the supported way to populate DNS altnames into certificates created with the req(1), x509(1) and ca(1) utilities. > Is there any chance of this being included in openssl? It is already included, via the openssl.cnf interface. You can also create openssl.cnf sections on the fly, without creating any persistent files, with "bash" or similar shells. See, for example: https://github.com/openssl/openssl/blob/master/test/certs/mkcert.sh -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
