List: opensuse
Subject: Re: [opensuse] openssl doesn't include Subject Alternative Name on SSL certificates
From: Alfredo Amaya <alfreito () gmail ! com>
Date: 2016-09-24 12:01:12
Message-ID: CAG5MJ3kFAt=a8xqSfeZPEX=6Uej7ywqZv+T=wVUoN30nytjfuQ () mail ! gmail ! com
>> and I don't see the extensions. Do you? How do you see them?
>>
>
> bor@bor-Latitude-E5450:/tmp$ openssl x509 -text -noout -in
> san_domain_com.crt
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 17715959473418646696 (0xf5dbbb472455b4a8)
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
> Validity
> Not Before: Sep 24 07:01:29 2016 GMT
> Not After : Sep 22 07:01:29 2026 GMT
> Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (2048 bit)
> Modulus:
> ...
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> X509v3 Key Usage:
> Digital Signature, Non Repudiation, Key Encipherment
> X509v3 Subject Alternative Name:
> DNS:kb.example.com, DNS:helpdesk.example.org,
> DNS:systems.example.net, IP Address:192.168.1.1, IP Address:192.168.69.14
> Signature Algorithm: sha256WithRSAEncryption
> ...
> bor@bor-Latitude-E5450:/tmp$

I finally understand my mistake. In the article you link above I see
another param I was not using:

    -extfile /etc/ssl/openssl.cnf

When I execute:

    openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey \
        new.cert.key -days 3650 -extensions v3_req -extfile \
        /etc/ssl/openssl.cnf

the cert file finally loads the SAN field. Thanks so much Andrei, you
put me on the right way!

And sorry, there's a typo in my first message. My alt_names section
looks like this:

    # Alternatives DNS names for my webserver
    [ alt_names ]
    DNS.1 = server.local
    DNS.2 = *.server.local
    DNS.3 = server
    DNS.4 = *.server
    IP.1 = 192.168.0.110

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
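
The behaviour discussed in this message, as an added example that is not part of the original post: the script signs one CSR twice with "openssl x509 -req", once without and once with -extensions/-extfile, and reports where the Subject Alternative Name survives. The temporary file names, the has_san and san_demo helpers and the [ v3_req ] section contents are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example. File names and the [ v3_req ] contents are constructed here.

# Print "present" or "missing" for the SAN extension in a CSR or certificate.
has_san() {  # $1 = openssl subcommand (req or x509), $2 = file
    if openssl "$1" -in "$2" -noout -text | grep -q 'Subject Alternative Name'
    then echo present; else echo missing; fi
}

san_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[ dn ]
CN = server.local
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = server.local
DNS.2 = *.server.local
IP.1 = 192.168.0.110
EOF
    # The CSR carries the SAN because req_extensions points at v3_req.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/san.cnf" \
        -keyout "$d/new.cert.key" -out "$d/new.cert.csr" 2>/dev/null || return 1
    # Without -extfile, x509 -req does not copy the CSR's extensions.
    openssl x509 -req -in "$d/new.cert.csr" -signkey "$d/new.cert.key" \
        -days 3650 -out "$d/plain.cert" 2>/dev/null || return 1
    # With -extensions and -extfile, the named section is added at signing time.
    openssl x509 -req -in "$d/new.cert.csr" -signkey "$d/new.cert.key" \
        -days 3650 -extensions v3_req -extfile "$d/san.cnf" \
        -out "$d/san.cert" 2>/dev/null || return 1
    echo "csr=$(has_san req "$d/new.cert.csr")" \
         "plain=$(has_san x509 "$d/plain.cert")" \
         "extfile=$(has_san x509 "$d/san.cert")"
    rm -rf "$d"
}
```

Source the file and run san_demo; it prints one line with the SAN status of the CSR and of both certificates.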