On Sat, 20 Jun 2020 at 10:21, Michael Ströder wrote:
>
> On 6/18/20 9:12 AM, Williams, Gareth wrote:
> > I can successfully add a multi-value RDN to the Subject of a
> > certificate request using the + format in the config file:
> > [..]
> > However, if I add a SAN to the request:
> > [..]
> > the
On 6/18/20 9:12 AM, Williams, Gareth wrote:
> I can successfully add a multi-value RDN to the Subject of a
> certificate request using the + format in the config file:
> [..]
> However, if I add a SAN to the request:
> [..]
> the resulting request has them as separate RDNs (as if the + is not
> not
I can successfully add a multi-value RDN to the Subject of a
certificate request using the + format in the config file:
distinguished_name = req_dn
[ req_dn ]
O=Acme
CN=Bloggs
+C=GB
However, if I add a SAN to the request:
subjectAltName = @alt_names
[ alt_names ]
Hi folks,
I'm looking for openssl information on extracting a certificate's list of
Subject Alternative names for matching a query substring to select a
certificate in particular contexts. All the openssl sample code that I've
managed to find seems to be more heavy-weight than I'm interested
Vinay Kumar L wrote:
Hi all,
I have to generate a KDC certificate containing Subject alternative
name extension using openssl which includes the following details:
**
The KDC's X.509 certif
Hi all,
I have to generate a KDC certificate containing Subject alternative name
extension using openssl which includes the following details:
**
The KDC's X.509 certificate MUST contain na
[ subjectAltName ]
DNS = $ENV::DNSNAME
On 08/24/2010 07:47 AM, Gerald Iakobinyi-Pich wrote:
Hello,
I have managed to create a certificate containing different values for
the "subject alternative name". But now I would like to be able to set
this value (this alternative names) from the command
Hello,
I have managed to create a certificate containing different values for
the "subject alternative name". But now I would like to be able to set
this value (this alternative names) from the command line, when I
invoke OpenSSL. Is there any possibility to do that? My target here is
t
Hi!
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 15:03 -0500:
> On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
>
> > (So DER encoding is used, and it is allowing 128 byte long
> > length fields allowing 2^1024 [a number taking four and a half
> > line in xterm because 3
On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
> (So DER encoding is used, and it is allowing 128 byte long
> length fields allowing 2^1024 [a number taking four and a half
> line in xterm because 309 decimal digits long] bytes long value
> fields sufficient to enumerate
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 14:20 -0500:
> The limit is not (only?) an X.509 limit, rather the SSL/TLS
> record layer cannot carry messages larger than 2^14 bytes (plus
> some overhead for compression algorithms which provably need to
> be able to make some records larger in ord
On Fri, Feb 12, 2010 at 12:41:16PM +0100, Steffen DETTMER wrote:
> * Victor Duchovni wrote:
> > The SSL/TLS record layer has a maximum record size, a
> > certificate probably needs to fit into one record, so if your
> > 500+ domains generate a certificate that is larger than ~16K
> > bytes, you ma
this
> message. Thank you for your cooperation.
> P Please consider the environment before printing this e-mail
>
>
> __________
> OpenSSL Project http://www.openssl.org
> User Suppo
* Victor Duchovni wrote:
> The SSL/TLS record layer has a maximum record size, a
> certificate probably needs to fit into one record, so if your
> 500+ domains generate a certificate that is larger than ~16K
> bytes, you may be out of luck.
(I just ask for curiosity, not because I have any problem
roximately 4000, yes 4000, DNS entries (don't ask why) using Subject
>> Alternative Name. I have succeeded in creating a certificate with 500
>> DNS
>> entries and it works just fine with no noticeable latency accessing the
>> web
>> sites listed via the SAN in the cert
On Wed, Feb 10, 2010 at 03:23:03PM -0800, rono16 wrote:
>
> I am using OpenSSL to create a self sign certificate and have a need to add
> approximately 4000, yes 4000, DNS entries (don't ask why) using Subject
> Alternative Name. I have succeeded in creating a certificate with
I am using OpenSSL to create a self sign certificate and have a need to add
approximately 4000, yes 4000, DNS entries (don't ask why) using Subject
Alternative Name. I have succeeded in creating a certificate with 500 DNS
entries and it works just fine with no noticeable latency accessin
khan
Subject: RE: [FWD] How to add X509v3 Subject Alternative Name into cert
createdby openssl
For example: set emailAddress in [ req_distinguished_name ] of your
configuration, then direct it in [ usr_cert ] with subjectAltName=email:copy
...
X509v3 Subject Alternative Name:
email:[EMAIL
For example: set emailAddress in [ req_distinguished_name ] of your
configuration, then direct it in [ usr_cert ] with subjectAltName=email:copy
...
X509v3 Subject Alternative Name:
email:[EMAIL PROTECTED]
...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
:30:11 -0800 (PST)
From: mohammed khan <[EMAIL PROTECTED]>
Subject: How to add X509v3 Subject Alternative Name into cert created by
openssl
To: [EMAIL PROTECTED]
Hi,
I need to create a certificate having Subject Alternative name in it but don't
know how.
I am using OpenSSL 0.9.8
Yang Wang wrote:
> Hi,
>
> I am looking for a solution to add X509v3 Subject Alternative Name into the
> cert with openssl. The subject Alternative Name I need to add is in the
> format of
>
> Other Name:
> Principal [EMAIL PROTECTED]
>
> Can any one show
Hi,
I am looking for a solution to add X509v3 Subject Alternative Name into the
cert with openssl. The subject Alternative Name I need to add is in the
format of
Other Name:
Principal [EMAIL PROTECTED]
Can any one show me how to achieve it? I really appreciate your help.
Thanks,
Yang
> Look for "copy_extensions" in the ca manual page.
Stephen - thanks for the quick answer!
-Marton
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-use
On Wed, May 18, 2005, Marton Anka wrote:
> Hello,
>
> I'm trying to make subject alternative names work as extensions specified in
> the request and not during the signing process.
>
> I can specify "subjectAltName = DNS:whatever" in the extensions section of
> the configuration file. If I do th
Hello,
I'm trying to make subject alternative names work as extensions specified in
the request and not during the signing process.
I can specify "subjectAltName = DNS:whatever" in the extensions section of
the configuration file. If I do this during signing the request (as a CA)
then the signed
On Fri, Dec 17, 2004, alan alan wrote:
> Hi,
>
> How to add X509v3 Subject Alternative Name into the cert with openssl?
> Such as:
> X509v3 extensions:
> X509v3 Subject Alternative Name: critical
> IP Address:192.168.0.188
>
> How to
ation be FORCED to parse AlternateName?
PS Please don't post in HTML.
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of alan alan
Sent: 17 December 2004 05:05
To: [EMAIL PROTECTED]
Subject: How to add X509v3 Subject Alternative Name into the cert with
Hi,
How to add X509v3 Subject Alternative Name into the cert with openssl?
Such as:
X509v3 extensions: X509v3 Subject Alternative Name: critical IP Address:192.168.0.188
How to use openssl to realize this?
Thanks.
Regards.
alan.
Do You Yahoo!?
注册世界一流品质的雅虎免费电邮
28 matches
Mail list logo