Hi Jason,

On 18/02/2019 07:23, Jason McIntyre wrote:
> if you agree with my comments below, could you mail us an updated diff
> and i'll try to prod some folks for oks.

Thanks for taking a look. I've dropped the changes with the exception of s/CERTIP/CERTFQDN, which is an actual bug, and changing the file name to indicate a copy. If you look at /etc/x509v3.cnf you'll see that for the x509v3_FQDN extension, the subjectAltName field is populated using $ENV::CERTFQDN, not $ENV::CERTIP.

Sevan

Index: sbin/isakmpd/isakmpd.8 =================================================================== RCS file: /cvs/src/sbin/isakmpd/isakmpd.8,v retrieving revision 1.120 diff -u -p -r1.120 isakmpd.8 --- sbin/isakmpd/isakmpd.8 17 Apr 2018 12:13:29 -0000 1.120 +++ sbin/isakmpd/isakmpd.8 18 Feb 2019 14:19:42 -0000 @@ -626,12 +626,12 @@ with 10.0.0.1, then run: # openssl x509 -req \e -days 365 -in 10.0.0.1.csr \e -CA /etc/ssl/ca.crt -CAkey /etc/ssl/private/ca.key \e - -CAcreateserial -extfile /etc/ssl/x509v3.cnf \e + -CAcreateserial -extfile ~/tmp_x509v3.cnf \e -extensions x509v3_IPAddr -out 10.0.0.1.crt .Ed .Pp -For a FQDN certificate, replace -.Dv $ENV::CERTIP +For an FQDN certificate, replace +.Dv $ENV::CERTFQDN with the hostname and run: .Bd -literal -offset indent # openssl x509 -req \e
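
Review bot: the new -extfile ~/tmp_x509v3.cnf argument in the x509v3_IPAddr command refers to a file that no visible line of this hunk tells the reader to create, and because the example is typed at a # prompt the ~ resolves to root's home directory. Please confirm that the paragraph ending "with 10.0.0.1, then run:" instructs the reader to copy /etc/ssl/x509v3.cnf to that path before editing it, and that the FQDN command that begins at the end of the hunk passes the same -extfile path, so that the corrected $ENV::CERTFQDN substitution is made in the file openssl actually reads. The hunk also changes "For a FQDN" to "For an FQDN", which falls outside the two changes the cover message says were kept; either drop it or mention it in the message.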