On Sat, 20 Jun 2020 at 10:21, Michael Ströder wrote:
>
> On 6/18/20 9:12 AM, Williams, Gareth wrote:
> > I can successfully add a multi-value RDN to the Subject of a
> > certificate request using the + format in the config file:
> > [..]
> > However, if I add a SAN to the request:
> > [..]
> >
On 6/18/20 9:12 AM, Williams, Gareth wrote:
> I can successfully add a multi-value RDN to the Subject of a
> certificate request using the + format in the config file:
> [..]
> However, if I add a SAN to the request:
> [..]
> the resulting request has them as separate RDNs (as if the + is not
>
I can successfully add a multi-value RDN to the Subject of a
certificate request using the + format in the config file:
distinguished_name = req_dn
[ req_dn ]
O=Acme
CN=Bloggs
+C=GB
However, if I add a SAN to the request:
subjectAltName = @alt_names
[ alt_names ]
Hi folks,
I'm looking for openssl information on extracting a certificate's list of
Subject Alternative names for matching a query substring to select a
certificate in particular contexts. All the openssl sample code that I've
managed to find seems to be more heavy-weight than I'm interested
Hi all,
I have to generate a KDC certificate containing Subject alternative name
extension using openssl which includes the following details:
**
The KDC's X.509 certificate MUST contain name
Vinay Kumar L wrote:
Hi all,
I have to generate a KDC certificate containing Subject alternative
name extension using openssl which includes the following details:
**
The KDC's X.509 certificate
[ subjectAltName ]
DNS = $ENV::DNSNAME
On 08/24/2010 07:47 AM, Gerald Iakobinyi-Pich wrote:
Hello,
I have managed to create a certificate containing different values for
the subject alternative name. But now I would like to be able to set
this value (this alternative names) from the command line, when I
Hello,
I have managed to create a certificate containing different values for
the subject alternative name. But now I would like to be able to set
this value (this alternative names) from the command line, when I
invoke OpenSSL. Is there any possibility to do that? My target here is
to avoid
Hi!
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 15:03 -0500:
On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
(So DER encoding is used, and it is allowing 128 byte long
length fields allowing 2^1024 [a number taking four and a half
line in xterm because 309
) using Subject
Alternative Name. I have succeeded in creating a certificate with 500
DNS
entries and it works just fine with no noticeable latency accessing the
web
sites listed via the SAN in the certificate. However, I run into a
problem
when I create a certificate with more than 500 SAN
* Victor Duchovni wrote:
The SSL/TLS record layer has a maximum record size, a
certificate probably needs to fit into one record, so if your
500+ domains generate a certificate that is larger than ~16K
bytes, you may be out of luck.
(I just ask for curiosity, not because I have any problem
--
View this message in context:
http://old.nabble.com/Subject-Alternative-Name-Help-tp27539914p27565135.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
On Fri, Feb 12, 2010 at 12:41:16PM +0100, Steffen DETTMER wrote:
* Victor Duchovni wrote:
The SSL/TLS record layer has a maximum record size, a
certificate probably needs to fit into one record, so if your
500+ domains generate a certificate that is larger than ~16K
bytes, you may be out
* Victor Duchovni wrote on Fri, Feb 12, 2010 at 14:20 -0500:
The limit is not (only?) an X.509 limit, rather the SSL/TLS
record layer cannot carry messages larger than 2^14 bytes (plus
some overhead for compression algorithms which provably need to
be able to make some records larger in order
On Fri, Feb 12, 2010 at 08:35:09PM +0100, Steffen DETTMER wrote:
(So DER encoding is used, and it is allowing 128 byte long
length fields allowing 2^1024 [a number taking four and a half
line in xterm because 309 decimal digits long] bytes long value
fields sufficient to enumerate
I am using OpenSSL to create a self sign certificate and have a need to add
approximately 4000, yes 4000, DNS entries (don't ask why) using Subject
Alternative Name. I have succeeded in creating a certificate with 500 DNS
entries and it works just fine with no noticeable latency accessing
On Wed, Feb 10, 2010 at 03:23:03PM -0800, rono16 wrote:
I am using OpenSSL to create a self sign certificate and have a need to add
approximately 4000, yes 4000, DNS entries (don't ask why) using Subject
Alternative Name. I have succeeded in creating a certificate with 500 DNS
entries
-0800 (PST)
From: mohammed khan [EMAIL PROTECTED]
Subject: How to add X509v3 Subject Alternative Name into cert created by
openssl
To: [EMAIL PROTECTED]
Hi,
I need to create a certificate having Subject Alternative name in it but don't
know how.
I am using OpenSSL 0.9.8b 04 May 2006
I???d
For example: set emailAddress in [ req_distinguished_name ] of your
configuration, then direct it in [ usr_cert ] with subjectAltName=email:copy
...
X509v3 Subject Alternative Name:
email:[EMAIL PROTECTED]
...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED
khan
Subject: RE: [FWD] How to add X509v3 Subject Alternative Name into cert
createdby openssl
For example: set emailAddress in [ req_distinguished_name ] of your
configuration, then direct it in [ usr_cert ] with subjectAltName=email:copy
...
X509v3 Subject Alternative Name:
email:[EMAIL
Hi,
I am looking for a solution to add X509v3 Subject Alternative Name into the
cert with openssl. The subject Alternative Name I need to add is in the
format of
Other Name:
Principal [EMAIL PROTECTED]
Can any one show me how to achieve it? I really appreciate your help.
Thanks,
Yang
Yang Wang wrote:
Hi,
I am looking for a solution to add X509v3 Subject Alternative Name into the
cert with openssl. The subject Alternative Name I need to add is in the
format of
Other Name:
Principal [EMAIL PROTECTED]
Can any one show me how to achieve it? I really appreciate your
Hello,
I'm trying to make subject alternative names work as extensions specified in
the request and not during the signing process.
I can specify subjectAltName = DNS:whatever in the extensions section of
the configuration file. If I do this during signing the request (as a CA)
then the signed
On Wed, May 18, 2005, Marton Anka wrote:
Hello,
I'm trying to make subject alternative names work as extensions specified in
the request and not during the signing process.
I can specify subjectAltName = DNS:whatever in the extensions section of
the configuration file. If I do this
Look for copy_extensions in the ca manual page.
Stephen - thanks for the quick answer!
-Marton
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
to parse AlternateName?
PS Please don't post in HTML.
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of alan alan
Sent: 17 December 2004 05:05
To: [EMAIL PROTECTED]
Subject: How to add X509v3 Subject Alternative Name into the cert with
openssl?
Hi,
How
On Fri, Dec 17, 2004, alan alan wrote:
Hi,
How to add X509v3 Subject Alternative Name into the cert with openssl?
Such as:
X509v3 extensions:
X509v3 Subject Alternative Name: critical
IP Address:192.168.0.188
How to use openssl to realize this?
Thanks
Hi,
How to add X509v3 Subject Alternative Name into the cert with openssl?
Such as:
X509v3 extensions: X509v3 Subject Alternative Name: critical IP Address:192.168.0.188
How to use openssl to realize this?
Thanks.
Regards.
alan.
Do You Yahoo!?
28 matches
Mail list logo