> From: owner-openssl-us...@openssl.org On Behalf Of Craig White > Sent: Thursday, 23 May, 2013 15:31
> On May 23, 2013, at 10:28 AM, Jakob Bohm wrote: <snip> > I think you have hit the nail on the head. The > subjectAltName(s) aren't getting included in requests but are > being included in certificates which are drawn from the same > config file. I was assuming that it would work but it isn't. > The same file, but 'req' and 'ca' (mostly?) use different sections. > I moved the subjectAltName definition to various sections > included v3_req and changed it to this. > subjectAltName = email:copy, DNS:copy, @alt_names > > but still no go - subjectAltName is not making it into the csr. > > Finally tried > > $ openssl req -new -nodes \ > -out $CERTPATH/http.csr \ > -keyout $CERTPATH/http.key \ > -days 3650 \ > -config $CONFIG \ > -extensions v3_req > > but still not in the csr. > > Obviously I am missing something important in my reading of > the documentation. > req -new -reqexts should put into a CSR. req -new -x509 -extensions should put into a selfsigned cert. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org