Re: [openssl-users] openssl.cnf asking Subject Alternative Names certificates.

[lists]

On 10/10/2017 05:40 PM, Jorge Novo wrote:
Hi everyone,
  As most of us know, the Google Chrome Navigator ask about Subject 
Alternative Name instead the Common Name.

I want to distribute a little /openssl.cnf/ file for creation the CSR 
files with my specific values and establish the Subject Alternative 
Name = Common Name. I want yo ask about the CN and assign this value 
to SAN.

This is my beta /openssl.cnf/ file:

*Sorry for the comments in Spanish

I do not how to set a variable (CN Variable) to assign to SAN value.
/
/

In my limited knowledge, you can't copy the CN name into the SAN in the 
configuration.
Obvious yet clumsy workaround is to have a shell script ask for the 
FQDN, set a shell variable with the CN value and then recall the ENV 
variable from inside openssl.cnf, or you can have the script dynamically 
write/edit opessl.cnf with the user-entered value.

/-------------------------------- 8< -------------------------------- 
8< -----------------------------------
/#
# Este fichero genera los CSR de nuestros sistemas con los paremetros
# acordados.
#
# openssl genrsa -aes256 -out www.rra.lan.key 2048 -config 
opensslMiCasa.cnf
#

# Establecemos un directorio de trabajo, el actual para ser exactos.

dir                             = .

[ req ]
default_bits                    = 2048    # Size of keys
default_keyfile                 = key.pem     # name of generated keys
default_md                      = sha256    # message digest algorithm
string_mask                     = nombstr     # permitted characters
distinguished_name              = req_distinguished_name
req_extensions                  = v3_req

[ req_distinguished_name ]
# Variable name                         Prompt string
#-------------------------  ----------------------------------
0.organizationName              = Nombre de la Organizacion
organizationalUnitName          = Mi Casa 
[Desarrollo|Infraestructuras|Laboratorio]
emailAddress                    = Cuenta de Correo
emailAddress_max                = 64
localityName                    = Localidad
stateOrProvinceName             = Comunidad Autónoma
countryName                     = ISO 3166-1 Codigo de País
countryName_min                 = 2
countryName_max                 = 2
commonName                      = Common Name

# Default values for the above, for consistency and less typing.
# Variable name                         Value
#------------------------ ------------------------------
0.organizationName_default      = Mi Casa
organizationalUnitName_default  = Mi Casa Infraestructuras
localityName_default            = Madrid
stateOrProvinceName_default     = Comunidad de Madrid
countryName_default             = ES

[ v3_req ]
basicConstraints                = CA:FALSE
subjectKeyIdentifier            = hash
subjectAltName                  =
//-------------------------------- //////>8// 
-------------------------------- >8 -----------------------------------//

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users