On Wed, Mar 08, 2006 at 03:10:23PM -0500, Doug Frippon wrote: > Hi, I am trying to generate certificate that i,ll be using for a ipsec > segment between a OBSD 3.8 and a Windows worstation. I'm using ISAKMPD > for this on the OBSD side and the security filter on Windows. If I use > a pre-shared key everything is fine but with the certificate I'm > almost became mad. I'd like to know how to create X.509 certificate > with subjectAltName.
Did you try: http://www.google.com/search?q=openssl+subjectaltname You'll see lots of pages there explaining how to do it. If you want a simplified solution, I suggest TinyCA: http://tinyca.sm-zone.net/ This really just the openssl CA, but with a perl GUI (gtk) wrapper around it. You can easily configure it so that it prompts you for a subjectAltName at the time that each certificate is signed; this can contain either a domain name, an IP address, or an E-mail address. If you want it *really* easy, then just burn a CD of roCA: http://www.intrusion-lab.net/roca/ This is a bootable Knoppix (Linux) CD with TinyCA pre-installed. Just add a USB flash pen and you have a standalone fully-functioning openssl CA with fluffy GUI, without installing anything. I find a second USB pen is useful for copying CSRs to the CA and copying the certificates back again. HTH, Brian. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
