On 09/18/2013 09:53 AM, Eisenacher, Patrick wrote:
> Please also note that adding extensions to a certificate request usually
> doesn't make any sense, as those get added to the certificate solely by the
> certificate issuer's grace.


Hi,

I seem to disagree, well, "usually" saves you :-)

Setting your email address or a server name into the subjectaltname, how do you
do this otherwise?
Setting commonname for the server, ok, setting an email attribute that will then
be copied by the CA (and the email removed because it is deprecated)?

Setting ALL extensions makes a lot of sense, IMO a CA should not add and modify
things, a CA should *validate* them. The requester indicates what should be in
the cert.

The current practice by some registrars to add example.org as another name when
you have ordered www.example.com etc may be nice for some people, but annoying
for others, at best a surprise when policy and practice documents do not even
mention these behaviours.

Peter Sylvester
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
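
Added example, not part of the message above and not taken from the OpenSSL project's files: an OpenSSL configuration in which the requester puts subjectAltName into the request and the `openssl ca` side copies it while keeping control of the other extensions. File names, section names and the names in `alt_names` are constructed, and the CA part shows only the settings relevant to extension handling.

```ini
# ---- Requester side: csr.cnf (constructed file name) ----------------------
# Used as: openssl req -new -config csr.cnf -key server.key -out server.csr
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req          # extensions written into the request

[ dn ]
CN = www.example.com

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1   = www.example.com
email.1 = admin@example.com

# ---- CA side: excerpt of the section used by "openssl ca" -----------------
[ CA_default ]
# none    : request extensions are ignored (the default)
# copy    : a request extension is copied only if the CA did not set it itself
# copyall : request extensions replace whatever the CA set
copy_extensions = copy
x509_extensions = server_cert

[ server_cert ]
# Set by the CA, so with "copy" a basicConstraints, keyUsage or
# extendedKeyUsage supplied in the request is ignored.
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
# subjectAltName is deliberately not set here, so the requested value is
# copied. Copying is not validation: the names still have to be checked
# against what the requester is entitled to before the request is signed.
```

The requested extensions can be reviewed before signing with `openssl req -in server.csr -noout -text`. With `copyall`, or with `copy` and no CA-set basicConstraints, a request carrying CA:TRUE would pass into the issued certificate.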
