24.09.2016 12:57, Alfredo Amaya пишет:
2016-09-24 8:03 GMT+01:00 Andrei Borzenkov
: 24.09.2016 09:52, Andrei Borzenkov пишет:
# openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
You need to explicitly tell it to use extensions by using "-extensions v3_req". I do not know if it is possible to set defaults in openssl.cnf here.
(I also tried the solution suggested above and the -extensions v3_req param. It doesn't work)
It does. I usually test things before explicitly recommend them.
I tried uncommenting the line
copy_extensions = copy
in the [ CA_default ] section. It doesn't work.
I tried adding the line
subjectAltName = @alt_names
to section [ v3_ca ] too. It doesn't work.
It blows my mind!
Blush ... just need to read "man x509" ...
Yeah, you mean the Bugs section?
No. I mean description how to include extensions in certificate by default.
"Extensions in certificates are not transferred to certificate requests and vice versa"
Which is exact reason why you need to tell it to add extensions (and which extensions) when generating certificate.
End of the road, I guess. :-(
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org