For setup of a Postfix box that will serve multiple virtual domains, I would like to generate one cert for all hostnames at which this box will be able to be reached.

Following an example in a post from Victor Duchovni [0], I configured the subjectAltName parameter in openssl.cnf with four hostnames and generated a cert. However, I still see only one CN in the resulting cert.

I've pasted below the subjectAltName stuff from my openssl.cnf, and here are the commands I used to generate the cert:

openssl req -new -nodes -keyout /root/CA/private/lance-cyrus.key \
 -out csrs/lance-cyrus.csr -config ./openssl.cnf \
 -extensions server

openssl ca -out certs/lance-cyrus.pem \
 -in csrs/lance-cyrus.csr -config ./openssl.cnf \
 -extensions server

But when I view the cert with this command I only see one CN:

openssl x509 -in certs/lance-cyrus.pem -noout -text

Thanks in advance for clues on getting subjectAltName working.

dn

[0] http://tinyurl.com/tqhhb

from my openssl.cnf:

[ v3_req ]

# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# Some CAs do not yet support subjectAltName in CSRs.
# Instead the additional names are form entries on web
# pages where one requests the certificate...
subjectAltName          = @alt_names

[alt_names]
DNS.1   = lance.eng.networktest.com
DNS.2   = mail.freedonia.gov
DNS.3   = mail.potrzebie.org
DNS.4   = mail.furshlugginer.org



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to