On 18/02/2019 14:35, Sevan Janiyan wrote:
> I've dropped the changes with the exception of
> s/CERTIP/CERTFQDN that is an actual bug and changing the file name to
> indicate a copy.
>
> If you look at /etc/x509v3.cnf you'll see that for the x509v3_FQDN
> extension, the subjectAltName field is populated using $ENV::CERTFQDN,
> not $ENV::CERTIP
Sorry about the noise, updated diff.
Sevan
Index: sbin/isakmpd/isakmpd.8
===================================================================
RCS file: /cvs/src/sbin/isakmpd/isakmpd.8,v
retrieving revision 1.120
diff -u -p -r1.120 isakmpd.8
--- sbin/isakmpd/isakmpd.8 17 Apr 2018 12:13:29 -0000 1.120
+++ sbin/isakmpd/isakmpd.8 18 Feb 2019 14:45:19 -0000
@@ -630,14 +630,14 @@ with 10.0.0.1, then run:
-extensions x509v3_IPAddr -out 10.0.0.1.crt
.Ed
.Pp
-For a FQDN certificate, replace
-.Dv $ENV::CERTIP
+For an FQDN certificate, replace
+.Dv $ENV::CERTFQDN
with the hostname and run:
.Bd -literal -offset indent
# openssl x509 -req \e
-days 365 -in somehost.somedomain.csr \e
-CA /etc/ssl/ca.crt -CAkey /etc/ssl/private/ca.key \e
- -CAcreateserial -extfile /etc/ssl/x509v3.cnf \e
+ -CAcreateserial -extfile ~/tmp_x509v3.cnf \e
-extensions x509v3_FQDN -out somehost.somedomain.crt
.Ed
.Pp
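Review bot: The new `-extfile ~/tmp_x509v3.cnf` line names a file that the visible text never introduces, so a reader following only the FQDN paragraph cannot tell that it is meant to be an edited copy of /etc/ssl/x509v3.cnf, or that the `$ENV::CERTFQDN` replacement has to be made in that copy. Consider naming the file in the sentence itself, along the lines of "in a copy of /etc/ssl/x509v3.cnf, replace `$ENV::CERTFQDN` with the hostname and run:", unless the copy step is already described earlier in the page, outside this hunk. Only the last line of the preceding x509v3_IPAddr example is visible here, so please also confirm that its `-extfile` argument uses the same path, so the two examples stay consistent. The "a FQDN" to "an FQDN" wording change is unrelated to the variable-name fix and could be mentioned separately in the commit message.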