Jakob Bohm wrote:
> On 1/7/2014 12:17 AM, Biondo, Brandon A. wrote:
>> I am using ‘ca’ not ‘x509’. It too ignores/discards extensions. Turning
>> on copy_extensions solved the issue though, thanks. I have some
>> follow-up questions:
>>
>> 1. If including SANs in CSRs is non-standard, what is the ac
Brandon A.
Sent: Monday, January 06, 2014 18:18
To: openssl-users@openssl.org
Subject: RE: OpenSSL CA and signing certs with SANs
I am using 'ca' not 'x509'. It too ignores/discards extensions. Turning on
copy_extensions solved the issue though, thanks. I have some follow-up
q
those specific SANs, as well as any other
unusual extensions.
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson
Sent: Monday, January 06, 2014 5:38 PM
To: openssl-users@openssl.org
Subject: RE: OpenSSL CA and signing certs with SANs
You might want to ask the CAcert folks what they do. I generate certs
thru them with SANs all the time.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
__
OpenSSL Project http://
icate?
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dave Thompson
Sent: Monday, January 06, 2014 5:38 PM
To: openssl-users@openssl.org
Subject: RE: OpenSSL CA and signing certs with SANs
It is debatable whether putting SAN in the request is really '
On Mon, Jan 06, 2014 at 09:16:16PM +, Biondo, Brandon A. wrote:
> I am having trouble tracking down information regarding how you
> reconfigure an OpenSSL CA to handle SANs in requests. When you use
> an OpenSSL CA to sign this type of request, the certificate is made
> without issue but the S
It is debatable whether putting SAN in the request is really 'proper';
I don't know of any 'real' (public) CA that accepts it that way.
But for openssl:
If you are using 'ca', set copy_extensions in the config file. See the man
page.
If you are using 'x509 -req', that ignores/discards ex