On Sun, 2007-09-23 at 20:40 -0700, Jim Fox wrote: > > > > My question asked earlier and helpfully answered by Jim Fox opened a > > whole can of worms for me. Googling around I found no two sites > > that to > > my untrained eye seem to do these steps in the same way. So I > > borrowed a > > few bits and pieces here and there and came up with these very newbie > > steps to create a local mini-CA (think that's the term) which will be > > used to sign a certificate for a local server to test secure web & > > mail. > > Would anyone in the know please be so kind to tell me if these > > steps are > > correct and if not rectify them? If you feel generous please enlighten > > me how I can add to the server certificate a second hostname with > > SubjectAltNames :) > > I don't use the openssl app for its CA tools, but I believe you must > edit the openssl.cnf file. > > In it there is a "[ req ]" section with a "req_extensions" parameter > (may be commented out). > Uncomment it and go to where it points ( often 'v3_req') > > In the "v3_req" section add > > subjectAltName=DNS:foo.bar.edu,DNS:bar.edu > > That will add the names to your request. I think the default for > openssl's CA signer is to preserve the alt names. Don't know of any > command-line option to openssl to do this.
Thanks Jim. That is most helpful. I will dig into this configuration file and give it a shot. Regards, Patrick ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
