got it now… the script I was using was directing it to a different openssl.cnf 
than the one I was editing. I obviously moved a copy of the entire directory to 
play with a copy and not the real CA.

Thanks all

Craig

On May 23, 2013, at 10:28 AM, Jakob Bohm wrote:

> On 5/23/2013 6:21 PM, Craig White wrote:
>> hmmm… I guess it may not be there but it's there in the cert that I signed 
>> with my CA self which is using the same csr
>> 
>> Is there something wrong with the way I am generating them?
>> 
>> openssl req -new -nodes \
>>     -out $CERTPATH/http.csr \
>>     -keyout $CERTPATH/http.key \
>>     -days 3650 \
>>     -config $CONFIG
> 
> Depends what is in your config!
> 
> In the config I use for such I have (other lines omitted for clarity):
> 
> [req]
> 
> # Other stuff
> 
> req_extensions = v3_req
> 
> [ v3_req ]
> 
> # Other stuff
> 
> subjectAltName = @alt_names
> 
> [alt_names]
> # Remember to repeat the CN as one of the ALT Names,
> # Someone published an RFC that said to ignore the CN if there are
> #    any ALT names and some idiots implemented this misprint
> #    literally.
> # The lines that start with DNS are for "DNS names", that is web
> #    servers etc., there are other words to use for other name
> #    types, and those type indicators become part of the request
> #    (and the certificate if it copies the alt names)
> DNS.0 = www.example.com
> DNS.1 = example.com
> DNS.2 = web.example.com
> 
> 
>> 
>> openssl ca \
>>     -config $CONFIG \
>>     -policy policy_anything \
>>     -out $CERTPATH/http.pem \
>>     -infiles $CERTPATH/http.csr
> 
> Does the config file used by your CA say to copy the Alt names
> extension from the requests?
> 
> Enjoy
> 
> Jakob
> -- 
> Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
> Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
> This public discussion message is non-binding and may contain errors.
> WiseMo - Remote Service Management for PCs, Phones and Embedded
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org

-- 
Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.wh...@ttiltd.com
1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com 
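An added example, not part of the original messages or of OpenSSL's own code: a Python check to run against the exact file the script passes via -config, covering both questions Jakob raises (does the request config reach a subjectAltName, and does the CA copy it). The `copy_extensions` key and the `[ ca ]` / `default_ca` lookup are `openssl ca` settings not named in the thread, the function names are hypothetical, and both sample configs are constructed.

```python
import re

def parse_cnf(text):
    """Minimal openssl.cnf reader -> {section: {key: value}} (no $var or .include)."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def check_san_flow(text, common_name):
    """List the reasons SANs from a request would not reach the issued certificate."""
    cnf, problems = parse_cnf(text), []
    # Request side: [req] req_extensions -> subjectAltName = @section -> DNS.n entries
    san = cnf.get(cnf.get("req", {}).get("req_extensions"), {}).get("subjectAltName")
    if san is None:
        problems.append("req: no subjectAltName reachable via req_extensions")
    elif san.startswith("@"):
        names = [v for k, v in cnf.get(san[1:], {}).items() if k.startswith("DNS.")]
        if common_name not in names:
            problems.append(f"alt_names: CN {common_name} not repeated as a DNS name")
    # CA side: [ca] default_ca -> copy_extensions in that section (OpenSSL default: none)
    copy = cnf.get(cnf.get("ca", {}).get("default_ca"), {}).get("copy_extensions", "none")
    if copy not in ("copy", "copyall"):
        problems.append(f"ca: copy_extensions is {copy!r}, request SANs are dropped")
    return problems

# Constructed samples: the copy that was edited vs. the copy the script really used.
EDITED = """[ req ]
req_extensions = v3_req
[ v3_req ]
subjectAltName = @alt_names
[alt_names]
DNS.0 = www.example.com
[ ca ]
default_ca = CA_default
[ CA_default ]
copy_extensions = copy
"""
USED_BY_SCRIPT = "[ req ]\n[ ca ]\ndefault_ca = CA_default\n[ CA_default ]\n"

if __name__ == "__main__":
    for label, text in (("edited", EDITED), ("used by script", USED_BY_SCRIPT)):
        print(label, check_san_flow(text, "www.example.com") or "ok")
```

With `copy_extensions = copy` the CA carries over whatever extensions the request contains, so inspect each CSR (for example with `openssl req -text -noout -in`) before signing it.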