My question asked earlier and helpfully answered by Jim Fox opened a
whole can of worms for me. Googling around I found no two sites that to
my untrained eye seem to do these steps in the same way. So I borrowed a
few bits and pieces here and there and came up with these very newbie
steps to create a local mini-CA (think that's the term) which will be
used to sign a certificate for a local server to test secure web & mail.

Would anyone in the know please be so kind to tell me if these steps are
correct and if not rectify them? If you feel generous please enlighten
me how I can add to the server certificate a second hostname with
SubjectAltNames :)

I don't use the openssl app for its CA tools, but I believe you must
edit the openssl.cnf file.

In it there is a "[ req ]" section with a "req_extensions" parameter
(may be commented out).
Uncomment it and go to where it points (often 'v3_req').
In the "v3_req" section add

    subjectAltName=DNS:foo.bar.edu,DNS:bar.edu

That will add the names to your request. I think the default for
openssl's CA signer is to preserve the alt names. Don't know of any
command-line option to openssl to do this.

Jim
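
The procedure from the reply above, as an added example that is not part of the original thread: it writes a minimal config with `req_extensions` pointing at `v3_req`, creates the request, signs it with a throwaway local CA, and prints the alt names found in the issued certificate. The CA name, file names, key size, validity period and the `v3_ca` section are assumptions made for the example; the signing step uses `openssl x509 -req`, which needs the extension section named explicitly.

```shell
#!/bin/sh
# Added example: file names, CA name, key size and validity are constructed.
# Builds a CSR with two DNS alt names, signs it, and prints the issued SANs.
make_san_cert() {
    dir=$1
    mkdir -p "$dir" || return 1
    # [ req ] points req_extensions at v3_req, as described in the reply.
    cat > "$dir/san.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no

[ req_dn ]
CN = foo.bar.edu

[ v3_req ]
subjectAltName = DNS:foo.bar.edu,DNS:bar.edu

[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    # Throwaway self-signed CA for local testing only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Local Test CA" -config "$dir/san.cnf" -extensions v3_ca \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Server key and request; the config adds the alt names to the request.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/san.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # "x509 -req" does not copy request extensions by itself, so the
    # v3_req section is supplied again through -extfile/-extensions.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.cnf" -extensions v3_req \
        -out "$dir/server.crt" 2>/dev/null || return 1
    # Check the issued certificate, not only the request.
    openssl x509 -in "$dir/server.crt" -noout -text | grep 'DNS:' | sed 's/^ *//'
}

workdir=$(mktemp -d)
make_san_cert "$workdir"
```

If the final command prints nothing, the names were in the request but did not reach the certificate, and a client connecting by the second hostname will reject it.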
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]