Hi,
On Mon, 21 Oct 2013, lejeczek wrote:
ok, above doesn't get me much more than what was in my command line but still no! subjectAltNames, I had a similar thought to what Quanah suggested but first, before I try different ssl toolchain I shall assume it is me messing thing up. I definitively have subjectAltNames in my request, the I sign:
Do you have them in the resulting request or certificate or do you have them ?
If you do have them then you should see them in the resulting request or certificate file.
openssl x509 -req -extensions v3_req -days 365 -in .... -signkey ... -out ...
where is the problem?
where are you specifying the actual subjectAltNames ?
I use following in the specific openssl.cnf I use for signing.
[ v3_req ] subjectAltName = $ENV::ALTNAME
I then supply the subjectAltnames and the COMMONNAME using the environment:
env COMMONNAME=$fqdn ALTNAME=$subjectAltName openssl req -new -nodes -keyout $CERTDIR/$name.key -out $CERTDIR/$name.csr -config $CONFIG
Greetings Christian