Hi, and thanks again for the assistance. I couldn't get this to work either. I think that something is either wrong with my cnf file, or my command line batch file I use to generate and sign certificates is wrong. Is anyone willing to have a look at them? I know it's a bit long but just on the off chance I've pasted the lot below. Many thanks.

1OpenSSL.cnf
----------------------------------------------
#
# OpenSSL configuration file.
#

# Establish working directory.
dir = c:/ssl_test/sslcert

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name             Prompt string
#-------------------------  ----------------------------------
organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name 1(hostname, IP, or your name)
commonName_default = Server1.myDomain.local
commonName_max = 64

[ usr_cert ]
subjectAltName = Common Name 2(hostname, IP, or your name)
subjectAltName_default = Server2.myDomain.local

[ server_cert ]
basicConstraints = critical,CA:FALSE
nsCertType = server

# Default values for the above, for consistency and less typing.
# Variable name            Value
#------------------------  ------------------------------
0.organizationName_default = My Company
localityName_default = My Town
stateOrProvinceName_default = State or
countryName_default = US

[ v3_ca ]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = critical,CA:FALSE
subjectKeyIdentifier = hash
-------------------------------------------------------------

Command Line Instructions.

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./1openssl.cnf
(Generates the CA)

openssl req -new -nodes -out name-req.pem -keyout private/name-key.pem -config ./1openssl.cnf
(Generates the certificate request)

openssl ca -out name-cert.pem -config ./1openssl.cnf -infiles name-req.pem
(Signs the certificate)

This seems to generate a valid certificate, but only works when the app is run on Server1.myDomain.local, and not on Server2.myDomain.local.

Again, sorry this is a little long but I’m stuck! Thanks again all.

Lee.
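One way to get both host names into the certificate, shown as an added example that is not part of the original post or of any reply: subjectAltName is an X.509v3 extension rather than a subject DN field, so it is requested through the `req_extensions` section and carried into the certificate by `openssl ca`. The `alt_names` section name, the shortened policy and DN prompts, and the sha256/2048 settings are choices made for this example; paths and host names are taken from the post.

```ini
# Constructed example config, usable with the three commands from the post.
dir = c:/ssl_test/sslcert

[ ca ]
default_ca = CA_default

[ CA_default ]
serial          = $dir/serial
database        = $dir/certindex.txt
new_certs_dir   = $dir/certs
certificate     = $dir/cacert.pem
private_key     = $dir/private/cakey.pem
default_days    = 365
default_md      = sha256
policy          = policy_match
x509_extensions = server_cert
# copy adds only request extensions the CA has not set itself, so CA:FALSE below cannot be overridden
copy_extensions = copy

[ policy_match ]
countryName      = match
organizationName = match
commonName       = supplied

[ req ]
default_bits       = 2048
default_md         = sha256
distinguished_name = req_distinguished_name
req_extensions     = v3_req

[ req_distinguished_name ]
# Subject DN prompts only; a subjectAltName entry here would not create the extension
countryName        = Country Name (2 letter code)
organizationName   = Organization Name (company)
commonName         = Common Name (hostname, IP, or your name)
commonName_default = Server1.myDomain.local

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = Server1.myDomain.local
DNS.2 = Server2.myDomain.local

[ server_cert ]
basicConstraints = critical,CA:FALSE

[ v3_ca ]
basicConstraints     = critical,CA:TRUE
subjectKeyIdentifier = hash
```

After signing, `openssl x509 -in name-cert.pem -noout -text` should list both DNS names under "X509v3 Subject Alternative Name".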