Hi Buchan, Hmm, interesting. I've done something similar: PKCS#10 import via the pub interface, edit the request via the RA. The CSR goes to the CA with the correct SAN. After issuance, the SAN on the cert is blank.
Did you have to edit any OpenSSL extension files on the CA? Did you edit any of the SUBJECT_ALT_NAME config items in servers/*.conf? Mike > > I've issued certificates with multiple Subject Alternative Names, thus > far > usually with one DNS SAN, and at least two IP SAN's, without any > problems. I > usually add them on the RA interface (as they don't come through on > CSRs > generated with autosscep), but they always end up on the cert .... > > This is on an installation that is at least two years old, running: > OpenSSL 0.9.135.2.4 > Tools 0.4.3 > DB 2.0.5 > Configuration 1.5.3 > TRIStateCGI 1.5.5 > REQ 0.9.61 > X509 0.9.57 > CRL 0.9.24 > PKCS7 0.9.19 > > Regards, > Buchan > > > On Monday 08 September 2008 17:05:15 Mike Wiseman wrote: > > I see from the archives that perhaps this can't be done. So how can > one > > issue a cert with a multi-valued SAN in OpenCA (without manually > editing > > the OpenSSL ext file)? > > > > > > > > OpenCA-Devel] > > > <http://sourceforge.net/mailarchive/message.php?msg_id=52465.193.150.16 > 6.44 > >. 1109928151.squirrel%40193.150.166.44> SubjectAltNames ignored from > > incoming PKCS#10 requests > > > > > > > > Mike > > > > > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Mike > > Wiseman > > Sent: September-07-08 2:29 PM > > To: Openca-Users@lists.sourceforge.net > > Subject: [Openca-Users] Multiple DNS Values for SubjectAltName > > > > > > > > Hi, > > > > > > > > I'm trying to issue a cert with multiple 'DNS' values in the SAN from > a CA. > > The CSR, generated from an RA web interface, has the correct value > for > > SubjectAltName. I can see this in the CSR on the CA (transferred from > the > > RA) but, on signing, the resultant cert has no value for SAN. I've > tried > > manipulating the SUBJECT_ALT_NAME* config items in ca.conf with no > luck. > > Any suggestions? > > > > > > > > Thanks, > > > > > > > > Mike > > > ----------------------------------------------------------------------- > -- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the > world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
