Hi All,
I am having trouble to use enable the Subject AlterName in generating CSR or signing the cert. I did google on it and found few places mentioning as below. Does it work ? or something has been broken? This is my configuration file : openssl.conf [ req ] req_extensions = v3_req [v3_req] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = ABC1.com DNS.2 = ABC5.com DNS.3 = ABC1*.com DNS.4 = ABC1.net I have downloaded both http://www.openssl.org/source/ ( do compile into executable) and also binary(https://www.openssl.org/related/binaries.html) to tried but I am not able to see my CSR or my cert being signed with my CA to have SAN. Generating CSR : D:\OpenSSL-1.0.1i-bin\work>openssl req -config openssl.conf -extensions v3_req -new -key keys\ san.key -out requests\san.csr D:\OpenSSL-1.0.1i-bin\work>openssl req -text -noout -in requests\ san.csr I could not see the SAN information. Sigining the Cert with my CA: D:\OpenSSL-1.0.1i-bin\work>openssl x509 -req -extfile openssl.conf -extensions v3_req -days 365 -in requests\san.csr -CA certs\ca.cer -CAkey keys\ca.key -set_serial 01 -out certs\san.cer Please enlightened me on this. Thanks in advance.
