I've issued certificates with multiple Subject Alternative Names, thus far usually with one DNS SAN, and at least two IP SAN's, without any problems. I usually add them on the RA interface (as they don't come through on CSRs generated with autosscep), but they always end up on the cert ....
This is on an installation that is at least two years old, running: OpenSSL 0.9.135.2.4 Tools 0.4.3 DB 2.0.5 Configuration 1.5.3 TRIStateCGI 1.5.5 REQ 0.9.61 X509 0.9.57 CRL 0.9.24 PKCS7 0.9.19 Regards, Buchan On Monday 08 September 2008 17:05:15 Mike Wiseman wrote: > I see from the archives that perhaps this can't be done. So how can one > issue a cert with a multi-valued SAN in OpenCA (without manually editing > the OpenSSL ext file)? > > > > OpenCA-Devel] > <http://sourceforge.net/mailarchive/message.php?msg_id=52465.193.150.166.44 >. 1109928151.squirrel%40193.150.166.44> SubjectAltNames ignored from > incoming PKCS#10 requests > > > > Mike > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mike > Wiseman > Sent: September-07-08 2:29 PM > To: Openca-Users@lists.sourceforge.net > Subject: [Openca-Users] Multiple DNS Values for SubjectAltName > > > > Hi, > > > > I'm trying to issue a cert with multiple 'DNS' values in the SAN from a CA. > The CSR, generated from an RA web interface, has the correct value for > SubjectAltName. I can see this in the CSR on the CA (transferred from the > RA) but, on signing, the resultant cert has no value for SAN. I've tried > manipulating the SUBJECT_ALT_NAME* config items in ca.conf with no luck. > Any suggestions? > > > > Thanks, > > > > Mike ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users