I had the same question for subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:(copy emailAddress) In Windows the environment variable replacement only works if you set the variable before calling openssl for signing the request: set [EMAIL PROTECTED] openssl x509 -req ... Does anyone know if there is a way to copy emailAddress like in subjectAltName = email:copy
% man config config(5) OpenSSL config(5)
NAME
config - OpenSSL CONF library configuration filesDESCRIPTION
The OpenSSL CONF library can be used to read configuration
files. It is used for the OpenSSL master configuration
file openssl.cnf and in a few other places like SPKAC
files and certificate extension files for the x509 util-
ity.
...
Each section in a configuration file consists of a number
of name and value pairs of the form name=value
========== The name string can contain any alphanumeric characters as
well as a few punctuation symbols such as . , ; and _. The value string consists of the string following the =
character until end of line with any leading and trailing
white space removed. The value string undergoes variable expansion. This can be
==============================================
done by including the form $var or ${var}: this will sub-
stitute the value of the named variable in the current
section. It is also possible to substitute a value from
another section using the syntax $section::name or ${sec-
tion::name}. By using the form $ENV::name environment
variables can be substituted. It is also possible to
assign values to environment variables by using the name
ENV::name, this will work if the program looks up environ-
=========
ment variables using the CONF library instead of calling
getenv() directly. It is possible to escape certain characters by using any
kind of quote or the \ character. By making the last char-
acter of a line a \ a value string can be spread across
multiple lines. In addition the sequences \n, \r, \b and
\t are recognized.My guess is that what you want to substitute in is in the "value" part of a pair, and so the variable substituion should work, but the only real way to find out is to try it...
I'm sorry, I don't know how to call man under Windows :-)
-- Charles B (Ben) Cranston mailto: [EMAIL PROTECTED] http://www.wam.umd.edu/~zben
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
