> 
> I think this might work, but I haven't tested. Put in your openssl.cnf
> (client):
> 
> CERTUSERFQDN          = r...@localhost #will be overridden
> 
> then later:
> 
> req_extensions = v3_req
> 
> [ v3_req ]
> ...
> subjectAltName=email:$ENV::CERTUSERFQDN
> ...
> 
> Then create a request using openssl without email in DN (in one line):
> 
> bash ~# CERTUSERFQDN="mike.wise...@utoronto.ca" openssl req -new
> -newkey rsa:2048 -nodes -keyout mike.key -subj
> "/C=CA/O=Bla/OU=Blurb/CN=Mike Wiseman" -out mike.req
> 
> If that doesn't work, try to add "-extensions v3_req" at the end of
> the command.
> 
> 
> Ralf
> 

This works great! My last problem is that on the CSR edit page on the RA 
(viewCSR), the email address in the subject_alt_name does not get propagated to 
the subject_alt_name fields in the CSR edit page (viewCSR). I've turned the
AUTOMATIC_SAN config off and on to no avail. Anybody know about this?

Thanks,

Mike
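
The approach from this thread as a self-contained script, added here as an example and not part of either poster's message. It writes a minimal client config, builds the CSR with the e-mail taken from `CERTUSERFQDN`, and reads the SAN back from the request. The file names, the fallback `nobody@localhost`, the sample address and the input check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Sample DN, address and file names are constructed.

# Write a minimal client config. The top-level CERTUSERFQDN is only a fallback:
# $ENV::CERTUSERFQDN takes the environment value when one is set.
write_client_cnf() {
    cat > "$1" <<'EOF'
CERTUSERFQDN = nobody@localhost

[ req ]
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no

[ req_dn ]
CN = overridden-by-subj

[ v3_req ]
subjectAltName = email:$ENV::CERTUSERFQDN
EOF
}

# Create key + CSR in directory $2 with e-mail $1 in the SAN only (no e-mail in the DN).
make_csr_with_san() {
    # subjectAltName is a comma-separated list, so refuse anything that is not
    # one plain address before it is substituted into the config.
    case $1 in
        *[!A-Za-z0-9@._+-]*|*@*@*|@*|*@|'') return 2 ;;
        *@*) ;;
        *) return 2 ;;
    esac
    write_client_cnf "$2/client.cnf"
    ( umask 077   # the key is written unencrypted (-nodes)
      CERTUSERFQDN=$1 openssl req -new -newkey rsa:2048 -nodes \
          -config "$2/client.cnf" -keyout "$2/user.key" \
          -subj "/C=CA/O=Bla/OU=Blurb/CN=Mike Wiseman" \
          -out "$2/user.req" 2>/dev/null )
}

# Print the SAN line of a CSR with whitespace removed.
csr_san() {
    openssl req -in "$1" -noout -text |
        awk '/Subject Alternative Name/ { getline; gsub(/[ \t\r]/, ""); print }'
}

work=$(mktemp -d)
make_csr_with_san "user@example.org" "$work" && csr_san "$work/user.req"
```

Running `csr_san` on the request before submitting it confirms that the extension is actually in the CSR, which separates a client-side config problem from one on the RA side.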





   

_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
