I create a certificate request that includes -reqexts usr_cert. The [ usr_cert ] section specifies two additional names.
I display the request and see them:

    Requested Extensions:
        X509v3 Basic Constraints:
            CA:FALSE
        X509v3 Subject Alternative Name:
            DNS:MYNOTEBOOK, DNS:localhost
        X509v3 Extended Key Usage:
            TLS Web Server Authentication
        Netscape Comment:
            OpenSSL Generated Certificate
        X509v3 Subject Key Identifier:

I then sign the request with

    openssl.exe ca -in MYNOTEBOOK_server.req.pem -config CMC_root_config.cnf -out MYNOTEBOOK_server.pem -verbose -cert CMC_root.pem -keyfile CMC_root.key.pem

I see the two alternative names in the verbose output. The signed certificate issues. But now it's missing the two alternative names. I see only

    X509v3 extensions:
        X509v3 Basic Constraints:
            CA:FALSE
    Signature Algorithm: sha1WithRSAEncryption

How do I get ca to keep my alternative names?

Thanks,
Charles
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
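An added example, not part of the original message or of the OpenSSL project's own material: it reproduces the behaviour described above with a throwaway CA and shows the effect of the `copy_extensions` option in the CA section of the config. The section names `ca_demo`, `policy_any` and `ca_exts`, the "Demo Root" CA and all file names are assumptions made for the demo; only the request's names come from the post.

```shell
# Constructed demo: throwaway CA and request in a temp dir; every name here is made up.
set -e
W=$(mktemp -d)
cat > "$W/req.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = MYNOTEBOOK
[ usr_cert ]
basicConstraints = CA:FALSE
subjectAltName = DNS:MYNOTEBOOK, DNS:localhost
EOF
# Write the CA config; $1 is an optional extra line for the [ ca_demo ] section.
write_ca_conf() {
  cat > "$W/ca.cnf" <<EOF
[ ca ]
default_ca = ca_demo
[ ca_demo ]
database = $W/index.txt
serial = $W/serial
new_certs_dir = $W
default_md = sha256
default_days = 30
unique_subject = no
policy = policy_any
x509_extensions = ca_exts
$1
[ policy_any ]
commonName = supplied
[ ca_exts ]
basicConstraints = critical, CA:FALSE
EOF
}
# Sign the request with that extra line and print the issued SAN (empty if none).
issued_san() {
  write_ca_conf "$1"
  openssl ca -batch -notext -config "$W/ca.cnf" -cert "$W/ca.pem" \
    -keyfile "$W/ca.key" -in "$W/srv.req" -out "$W/out.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$W/out.pem" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//; s/ *$//'
}
: > "$W/index.txt"; echo 01 > "$W/serial"
openssl req -x509 -new -newkey rsa:2048 -nodes -keyout "$W/ca.key" -out "$W/ca.pem" \
  -config "$W/req.cnf" -subj "/CN=Demo Root" -days 30 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -keyout "$W/srv.key" -out "$W/srv.req" \
  -config "$W/req.cnf" -reqexts usr_cert 2>/dev/null
echo "default:                [$(issued_san '')]"
echo "copy_extensions = copy: [$(issued_san 'copy_extensions = copy')]"
```

With `copy`, extensions the CA's own section already sets (here `basicConstraints`) are kept as the CA wrote them; `copyall` would let the request replace them, so the issued certificate should be inspected before it is handed out.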