On 08/14/2017 07:16 AM, Michael Ströder wrote:
Robert Moskowitz wrote:
I am getting a SAN in the csr e.g.:
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
IP Address:192.168.2.1
[..]
But I am not getting SAN in the cert.
Robert Moskowitz wrote:
> I am getting a SAN in the csr e.g.:
>
> Attributes:
> Requested Extensions:
> X509v3 Subject Alternative Name:
> IP Address:192.168.2.1
> [..]
> But I am not getting SAN in the cert. Perhaps I need something for SAN in the
>
I am getting a SAN in the csr e.g.:
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
IP Address:192.168.2.1
this is with the following in the config:
[ req ]
# Options for the `req` tool (`man req`).
default_bits= 2048
Robert Moskowitz wrote:
> On 08/11/2017 02:47 PM, Dr. Stephen Henson wrote:
>> On Fri, Aug 11, 2017, Robert Moskowitz wrote:
>>
>>> I would want the 'openssl req' command to prompt for hwType and
>>> hsSerialNum. At least for now.
>>>
>> Note that you can't get the 'openssl req' command prompt
On 08/11/2017 02:39 PM, Dr. Stephen Henson wrote:
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
Frustrated...
On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
My challenge comes to subjectAltName and its subfield
hardwareModuleName
per RFC 4108. I guess I am not 'getting' the
On 08/11/2017 02:47 PM, Dr. Stephen Henson wrote:
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
I would want the 'openssl req' command to prompt for hwType and
hsSerialNum. At least for now.
Note that you can't get the 'openssl req' command prompt for this but you can
generate the
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
>
> I would want the 'openssl req' command to prompt for hwType and
> hsSerialNum. At least for now.
>
Note that you can't get the 'openssl req' command prompt for this but you can
generate the extension in an appropriate syntax: see my other
On Fri, Aug 11, 2017, Robert Moskowitz wrote:
> Frustrated...
>
> On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
> >>My challenge comes to subjectAltName and its subfield
> >>hardwareModuleName
> >>per RFC 4108. I guess I am not 'getting' the subjectAltName section of
> >>'man
Frustrated...
On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
My challenge comes to subjectAltName and its subfield
hardwareModuleName
per RFC 4108. I guess I am not 'getting' the subjectAltName section of
'man x509v3_config'.
Not all forms of SAN names are supported. If you
Why thank you, Viktor. Let's see if I can get this right from RFC4108
On 08/11/2017 12:47 PM, Viktor Dukhovni wrote:
On Fri, Aug 11, 2017 at 03:29:25PM +, Salz, Rich via openssl-users wrote:
In the certificate extensions section you do something like:
subjectAltName =
On Fri, Aug 11, 2017 at 03:29:25PM +, Salz, Rich via openssl-users wrote:
> In the certificate extensions section you do something like:
> subjectAltName = dns:www.example.com, IP:127.0.0.1
> and so on. The "pki.tgz"
>
> > And further it seems you are saying there is no support for
Sigh. Well let's see want I can get done on this by the next
IEEE802/IETF week pair.
On 08/11/2017 11:56 AM, Salz, Rich wrote:
What is the procedure to get it added. RFC 4108 has been around for a while,
as has 802.1AR-2009.
Simplest way is to (get someone to) write the code and make a
> What is the procedure to get it added. RFC 4108 has been around for a while,
> as has 802.1AR-2009.
Simplest way is to (get someone to) write the code and make a github pull
requests.
Next way is to post a patch.
Next way is to open an issue and hope someone gets around to it.
> Though I
On 08/11/2017 11:29 AM, Salz, Rich wrote:
Given these supported names, what goes into the config file to create a SAN
without having to specify it on the command line?
In the certificate extensions section you do something like:
subjectAltName = dns:www.example.com, IP:127.0.0.1
and
> Given these supported names, what goes into the config file to create a SAN
> without having to specify it on the command line?
In the certificate extensions section you do something like:
subjectAltName = dns:www.example.com, IP:127.0.0.1
and so on. The "pki.tgz"
> And further it
Thanks for the response, Rich.
On 08/11/2017 11:14 AM, Salz, Rich via openssl-users wrote:
My challenge comes to subjectAltName and its subfield
hardwareModuleName
per RFC 4108. I guess I am not 'getting' the subjectAltName section of
'man x509v3_config'.
Not all forms of SAN names are
> My challenge comes to subjectAltName and its subfield
> hardwareModuleName
> per RFC 4108. I guess I am not 'getting' the subjectAltName section of
> 'man x509v3_config'.
Not all forms of SAN names are supported. If you look in
include/openssl/x509v3.h you see the following:
# define
17 matches
Mail list logo