
Re: Subject Alternative Name in TLS - does this work?



Hi,

On Mon, 21 Oct 2013, lejeczek wrote:
> ok, above doesn't get me much more than what was in my command line but still no! subjectAltNames, I had a similar thought to what Quanah suggested but first, before I try a different ssl toolchain I shall assume it is me messing things up.
> I definitively have subjectAltNames in my request, then I sign:

Do you have them in the resulting request or certificate or do you have them ?

If you do have them then you should see them in the resulting request or certificate file.

> openssl x509 -req -extensions v3_req -days 365 -in .... -signkey ... -out ...
>
> where is the problem?

where are you specifying the actual subjectAltNames ?

I use the following in the specific openssl.cnf I use for signing.

  [ v3_req ]
  subjectAltName = $ENV::ALTNAME

I then supply the subjectAltnames and the COMMONNAME using the environment:

  env COMMONNAME="$fqdn" ALTNAME="$subjectAltName" openssl req -new -nodes -keyout "$CERTDIR/$name.key" -out "$CERTDIR/$name.csr" -config "$CONFIG"


Greetings
Christian

--
Christian Kratzer                      CK Software GmbH
Email:   ck@cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer
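
The environment-driven `v3_req` approach from the message above, as an added end-to-end example that is not part of the original post. It assumes a constructed host name (`www.example.test`), a throwaway config and hypothetical helper names, and it passes the same section to the signing step through `-extfile`, because `openssl x509 -req` does not copy extensions from the request by default. It then checks that the SAN is present in both the request and the certificate.

```shell
#!/bin/sh
# Added example: constructed names (www.example.test) and paths, not from the thread.

# Write a minimal config whose v3_req section reads the SAN list from the environment.
write_config() {
    cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $ENV::COMMONNAME

[ v3_req ]
subjectAltName = $ENV::ALTNAME
EOF
}

# Create key + CSR, then self-sign it; both steps read v3_req from the same config.
make_csr_and_cert() {   # usage: make_csr_and_cert DIR FQDN ALTNAMES
    dir=$1; CONFIG="$dir/openssl.cnf"
    write_config "$CONFIG" || return 1
    env COMMONNAME="$2" ALTNAME="$3" openssl req -new -nodes -newkey rsa:2048 \
        -keyout "$dir/host.key" -out "$dir/host.csr" -config "$CONFIG" 2>/dev/null || return 1
    env COMMONNAME="$2" ALTNAME="$3" openssl x509 -req -days 365 \
        -in "$dir/host.csr" -signkey "$dir/host.key" -out "$dir/host.crt" \
        -extfile "$CONFIG" -extensions v3_req 2>/dev/null
}

# Print the SAN line of a CSR or certificate (empty output means no SAN extension).
san_of() {              # usage: san_of req|x509 FILE
    openssl "$1" -noout -text -in "$2" |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}

# Run the whole flow in a temporary directory and show both SAN lines.
demo() {
    d=$(mktemp -d) || return 1
    make_csr_and_cert "$d" www.example.test "DNS:www.example.test, DNS:example.test" &&
        { echo "CSR : $(san_of req "$d/host.csr")"; echo "cert: $(san_of x509 "$d/host.crt")"; }
    rm -rf "$d"
}
demo
```

An empty line from `san_of` for the certificate while the CSR shows the names means the signing step did not receive the extension section.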