> From: owner-openssl-us...@openssl.org On Behalf Of Hopkins, Nathan
> Sent: Thursday, 01 September, 2011 17:43
> Many thanks again, okay a little progress now... after creating the
> request by running;
> > openssl req -new -key server.key -out server.csr -config
customopenssl.cnf
>
> then viewi
Many thanks again, okay a little progress now... after creating the
request by running;
> openssl req -new -key server.key -out server.csr -config
customopenssl.cnf
then viewing with;
> openssl req -in server.csr -text -noout
I can see the S-A-N.
However when I then sign with;
> openssl x509 -re
On 01-09-2011 21:51, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
Sent: Thursday, 01 September, 2011 13:44
req_extensions will put the names in a CSR (signing request)
file when running the "req" command.
x509_extensions will put the names in the actual cert
> From: owner-openssl-us...@openssl.org On Behalf Of Rick Lopes de
Souza
> Sent: Tuesday, 30 August, 2011 15:46
> Another question is: Is there any problem to use a different kind of
key
> on the request that the Certificate Authority has?
No problem, as long as both algorithms
> From: owner-openssl-us...@openssl.org On Behalf Of Jakob Bohm
> Sent: Thursday, 01 September, 2011 13:44
> req_extensions will put the names in a CSR (signing request)
> file when running the "req" command.
>
> x509_extensions will put the names in the actual certificate
> file when running t
> From: owner-openssl-us...@openssl.org On Behalf Of Hopkins, Nathan
> Sent: Wednesday, 31 August, 2011 21:32
> I tested with below, all looks good. After running I am converting
> to .der files and generating a keystore with ImportKey.java -
> could this be removing what is n
Great thanks ...
So I've within the openssl.cnf file there are two x509_extensions entries.
First in the [ CA_default ] section...
x509_extensions = usr_cert
Second in the [ req ] section ...
x509_extensions = v3_ca
I have added the values;
SubjectAltName = @alt_names
[alt_names]
DNS.1 = serve
req_extensions will put the names in a CSR (signing request) file when
running the "req" command.
x509_extensions will put the names in the actual certificate file when
running the "x509" command.
On 9/1/2011 7:37 PM, Hopkins, Nathan wrote:
thanks - sorry my previous post wasn't clear enoug
thanks - sorry my previous post wasn't clear enough, the req_extensions value
references the section I put the subject. and alt names in...
req_extensions = v3_req
[ v3 req ]
SubjectAltName = @alt_names
Should this work?
- Original Message -
From: owner-openssl-us...@openssl.org
To:
Ah, there it is.
The "SubjectAltName = @alt_names" line is in the wrong section of your file.
You need to find the line that says "x509_extensions" (There may be more
than
one, try to find the one that is used). That line contains the name of
another
section, and that other section is the on
Apologies I'm not sure I follow what you mean with below;
I have copied openssl.cnf to customopenssl.cnf then edited the below lines to
allow multiple hosts….
req_extensions = v3_req
SubjectAltName = @alt_names
[alt_names]
DNS.1 = server.domain.com
DNS.2 = server
Do I need to add more?
you might want to read the description of the -extfile parameter of the x509
command
an excerpt from curl-7.21.6/tests/certs/scripts/genserv.sh available at
curl.haxx.se
$OPENSSL req -config $PREFIX-sv.prm -newkey rsa:$KEYSIZE -keyout $PREFIX-sv.key
-out $PREFIX-sv.csr
$OPENSSL rsa -in $
12 matches
Mail list logo