For setup of a Postfix box that will serve multiple virtual domains, I would like to generate one cert for all hostnames at which this box will be able to be reached.

Following an example in a post from Victor Duchovni [0], I configured the subjectAltName parameter in openssl.cnf with four hostnames and generated a cert. However, I still see only one CN in the resulting cert.

I've pasted below the subjectAltName stuff from my openssl.cnf, and here are the commands I used to generate the cert:

openssl req -new -nodes -keyout /root/CA/private/lance-cyrus.key \
 -out csrs/lance-cyrus.csr -config ./openssl.cnf \
 -extensions server

openssl ca -out certs/lance-cyrus.pem \
 -in csrs/lance-cyrus.csr -config ./openssl.cnf \
 -extensions server

But when I view the cert with this command I only see one CN:

openssl x509 -in certs/lance-cyrus.pem -noout -text

Thanks in advance for clues on getting subjectAltName working.



from my openssl.cnf:

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Some CAs do not yet support subjectAltName in CSRs.
# Instead the additional names are form entries on web
# pages where one requests the certificate...
subjectAltName          = @alt_names

DNS.1   =
DNS.2   =
DNS.3   =
DNS.4   =
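An added example, not part of the original post: a small Python check that reads an openssl.cnf and reports whether the section passed to `-reqexts` / `-extensions` actually sets subjectAltName and whether its `@` reference resolves to a section with non-empty names. The sample configs are constructed (the post does not show its `[ server ]` section), the example.com / example.net hostnames are placeholders, and `parse_cnf` / `check_san` are hypothetical helper names.

```python
import re

def parse_cnf(text):
    """Minimal openssl.cnf reader: returns {section: {key: value}}."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def check_san(text, ext_section):
    """List SAN problems for the section named by -reqexts / -extensions."""
    cnf = parse_cnf(text)
    if ext_section not in cnf:
        return [f"[{ext_section}] not found"]
    san = cnf[ext_section].get("subjectAltName")
    if san is None:
        elsewhere = [s for s, kv in cnf.items() if "subjectAltName" in kv]
        return [f"[{ext_section}] sets no subjectAltName (set in: {elsewhere})"]
    if not san.startswith("@"):
        return []                              # inline list such as DNS:host
    names = cnf.get(san[1:])
    if names is None:
        return [f"[{san[1:]}] referenced by subjectAltName is missing"]
    return [f"{key} is empty" for key, value in names.items() if not value]

# Constructed samples (hostnames are placeholders, not taken from the post).
BROKEN = """
[ server ]
basicConstraints = CA:FALSE
[ v3_req ]
subjectAltName = @alt_names
DNS.1 = mail.example.com
"""
FIXED = """
[ server ]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = mail.example.com
DNS.2 = smtp.example.net
"""

if __name__ == "__main__":
    for label, cnf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_san(cnf, "server") or "ok")
```

Once a certificate is issued from a config that passes this check, the additional hostnames are listed under "X509v3 Subject Alternative Name" in the `openssl x509 -noout -text` output; the subject still carries a single CN.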

