Just to update - I found the section in one of the apps that copies the extensions from the request. I was able to enable the EXT_COPY_ADD and was able to get my SANs in the cert as well as the request.
On Wed, Apr 24, 2013 at 6:44 PM, Derek Cole <derek.c...@gmail.com> wrote:
> Hello,
>
> I have some code which I am using to generate a CSR and some code which I
> am using to generate a cert using my cert authority.
>
> If I view the CSR, I can see that my alt names were added correctly. If I
> view the cert itself, the altnames are not there. I had kind of thought
> that if I had a CSR with the alt names in it, the cert would get them too.
> Is that not correct? I am using the same CONF variable for both the CSR and
> the cert, but I am adding the extensions for subject alt name
> programmatically to the CSR (but not to the cert). I am doing this in a
> similar way as the mkreq.c demo by pushing my extension objects onto a
> stack and adding them before the X509_REQ_sign call.
>
> Do I need it in both places, or maybe just on the cert creation part and
> not the CSR?
>
>
> Alternatively, is there a way to add subject alt names programmatically to
> the config as an X509_EXTENSION object? Then I could perhaps just rely on
> the configuration to set the alt names instead of trying to force the
> X509_EXTENSION into the cert.
>
> Thanks for any help
>
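
The switch mentioned in the update, shown with the `openssl ca` command line, as an added example that is not part of the original thread: EXT_COPY_ADD in the apps corresponds to `copy_extensions = copy` in the CA configuration. The subject names, the `demo_ca`, `pol` and `leaf` section names and the temporary paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added demo: sign one CSR carrying a subjectAltName with `openssl ca`,
# with copy_extensions set to "none" or "copy", and report the SAN that
# ends up in the issued certificate. All names and paths are constructed.
san_after_signing() {   # $1 = none | copy
  d=$(mktemp -d) || return 1
  cat > "$d/demo.cnf" <<EOF
[ req ]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[ dn ]
CN = san-demo.example
[ v3_req ]
subjectAltName = DNS:san-demo.example, DNS:www.san-demo.example
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $d/index.txt
new_certs_dir = $d
serial = $d/serial
default_md = sha256
default_days = 1
policy = pol
x509_extensions = leaf
copy_extensions = $1
[ pol ]
commonName = supplied
[ leaf ]
basicConstraints = critical, CA:FALSE
EOF
  : > "$d/index.txt"; echo 01 > "$d/serial"
  # Throwaway CA key and self-signed CA certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/demo.cnf" -subj "/CN=Demo CA" -days 1 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # CSR whose SAN comes from [ v3_req ].
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  # Issue the certificate; only copy_extensions differs between runs.
  openssl ca -batch -config "$d/demo.cnf" -cert "$d/ca.crt" -keyfile "$d/ca.key" -in "$d/leaf.csr" -out "$d/leaf.crt" >/dev/null 2>&1
  # Print the SAN line of the issued certificate (nothing if absent).
  openssl x509 -in "$d/leaf.crt" -noout -text | sed -n 's/^ *\(DNS:.*\)$/\1/p'
  rm -rf "$d"
}
for mode in none copy; do echo "$mode: $(san_after_signing "$mode")"; done
```

With `copy`, extensions the CA section already sets are not overridden by the request, which is why `[ leaf ]` pins `basicConstraints` to `CA:FALSE`; `copyall` would let the request replace it.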