On 01-09-2011 21:51, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Thursday, 01 September, 2011 13:44
req_extensions will put the names in a CSR (signing request)
file when running the "req" command.
x509_extensions will put the names in the actual certificate
file when running the "x509" command.
Small correction:
[req]req_extensions will put SubjectAltName (or other) in the CSR
for 'req -new' but 'x509 -req' ignores extensions in the CSR.
[$default_ca]x509_extensions will put in the cert (regardless of
the CSR) *for 'ca' which this OP is not using*. Also for 'ca'
[$default_ca]copy_extensions will put extensions from the CSR.
My point exactly, I was trying to keep the explanations simple for this
user.
[] OR []extensions, or -extsec, will put in the cert for 'x509 -req'.
But only if -extfile explicit; it doesn't have any config by default.
Hmm, the way I read the docs, "-extensions my_exts" should use the
extensions from section [my_exts] in openssl.cnf (or the file
specified with -config), however I assumed that this part of the
users setup was already working when I joined the discussion.
On 9/1/2011 7:37 PM, Hopkins, Nathan wrote:
thanks - sorry my previous post wasn't clear enough, the
req_extensions value references the section I put the
subject. and alt
names in...
req_extensions = v3_req
[ v3 req ]
SubjectAltName = @alt_names
Should this work?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
