Hi! I try to use OpenSSL 0_9_8l version for creation of certificate with SubjectAlternativeName. I have couple of problems and may be you will be able to help me. 1) I did not success to create certificate with more than one alternative identifier. I used the command:
openssl x509 -req -days 365 -passin pass:pwd -in cert.csr -extfile ext.txt -signkey certkey.pem -out certcert.pem In the ext.txt file I have used the example described here: http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_ The problem that after the creation of the certificate it contains only one alternative identifier – the last identifier listed in the file. For example, if the last line is the following: subjectAltName=IP:13::17 the certificate contains only this identifier: X509v3 Subject Alternative Name: IP Address:13:0:0:0:0:0:0:17 If the last line is the following: subjectAltName=dirName:dir_sect the certificate contains only this identifier: X509v3 Subject Alternative Name: DirName:/C=UK/O=My Organization/OU=My Unit/CN=My Name How can I create the certificate with more than one alternative identifier? Should I change any configuration in openssl.cnf? 2) Where can I find the example for otherName in ASN1 format? Unfortunately, the example shown in the link above does not contain the ASN1 format: subjectAltName=otherName:1.2.3.4;UTF8:some other identifier In addition, the provided link http://www.openssl.org/docs/crypto/ASN1_generate_nconf.html# does not contain ASN1 example that can be used for the creation of otherName Alternative identifier. Can you provide the example of the external file that will allow the creation of otherName Alternative identifier in ASN1 format? Thank for your help, Michael -- View this message in context: http://old.nabble.com/SubjectAlternativeName-support-%280_9_8l-version%29-tp26957833p26957833.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
