Hi Jason,

On 18/02/2019 07:23, Jason McIntyre wrote:
> if you agree with my comments below, could you mail us an updated diff
> and i'll try to prod some folks for oks.

Thanks for taking a look. I've dropped the changes with the exception of
s/CERTIP/CERTFQDN, which is an actual bug, and changing the file name to
indicate a copy.

If you look at /etc/x509v3.cnf you'll see that for the x509v3_FQDN
extension, the subjectAltName field is populated using $ENV::CERTFQDN,
not $ENV::CERTIP.


Sevan
Index: sbin/isakmpd/isakmpd.8
===================================================================
RCS file: /cvs/src/sbin/isakmpd/isakmpd.8,v
retrieving revision 1.120
diff -u -p -r1.120 isakmpd.8
--- sbin/isakmpd/isakmpd.8      17 Apr 2018 12:13:29 -0000      1.120
+++ sbin/isakmpd/isakmpd.8      18 Feb 2019 14:19:42 -0000
@@ -626,12 +626,12 @@ with 10.0.0.1, then run:
 # openssl x509 -req \e
        -days 365 -in 10.0.0.1.csr \e
        -CA /etc/ssl/ca.crt -CAkey /etc/ssl/private/ca.key \e
-       -CAcreateserial -extfile /etc/ssl/x509v3.cnf \e
+       -CAcreateserial -extfile ~/tmp_x509v3.cnf \e
        -extensions x509v3_IPAddr -out 10.0.0.1.crt
 .Ed
 .Pp
-For a FQDN certificate, replace
-.Dv $ENV::CERTIP
+For an FQDN certificate, replace
+.Dv $ENV::CERTFQDN
 with the hostname and run:
 .Bd -literal -offset indent
 # openssl x509 -req \e
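
Review bot: The -extfile switch to ~/tmp_x509v3.cnf lands only on the x509v3_IPAddr command in this hunk, and nothing visible here tells the reader to create that copy from /etc/ssl/x509v3.cnf. Please confirm that the text above "with 10.0.0.1, then run:" describes copying the file and editing the copy, and that the FQDN command beginning at the final "# openssl x509 -req" context line uses the same -extfile path; otherwise the two examples point at different files. Since the commands are shown at a # prompt, it is also worth saying whose home directory ~ refers to, or using an explicit path. The $ENV::CERTIP to $ENV::CERTFQDN correction is consistent with the explanation given in the message.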
