24.09.2016 05:19, Alfredo Amaya wrote:
Hi, I'm using Leap 42.1 and I'm trying to enable SSL on my Apache server.
Based on this documentation: https://doc.opensuse.org/documentation/leap/reference/html/book.opensuse.ref...
I'm trying to generate a self-signed certificate for my own server. So, I make a backup of this file:
# cp /etc/ssl/openssl.cnf /etc/ssl/openssl.bak
and in the [ req ] section I uncomment the line req_extensions = [ v3_req ]
Next, in section [ v3_req ] I add the following line:
subjectAltName = @alt_names
Besides, at the end of this file I add the [ alt_names ] section:
# Alternatives DNS names for my webserver
[ alt_names ]
DNS.1 = server.local
DNS.1 = *.server.local
DNS.1 = server
DNS.1 = *.server
IP.1 = 192.168.0.110
Next, I execute this command (read in the documentation above) as root:
# openssl req -new > new.cert.csr
At this point, if I check the csr file I can see the Subject Alternative Name (SAN) field loaded:
# openssl req -text -noout -in new.cert.csr
Next step, I execute this command for generating the private key:
# openssl rsa -in privkey.pem -out new.cert.key
and this one for generating the public cert file:
# openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
You need to explicitly tell it to use extensions by using "-extensions v3_req". I do not know if it is possible to set defaults in openssl.cnf here. http://apetec.com/support/GenerateSAN-CSR.htm
Now, if I check this one:
# openssl x509 -in new.cert.cert -text -noout
I CAN'T SEE the SAN field.
Because of this I cannot use a single cert file for enabling SSL on my server for each DNS name. This is anomalous according to the documentation available on the internet. The SAN field must be integrated into the cert file.
Is this a bug or am I wrong?
Thanks in advance!
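Added example, not part of the original thread: the script below self-signs the same CSR twice, once as in the post and once with "-extensions v3_req" plus "-extfile", and reports whether each certificate carries a SAN. It assumes a private config file (san.cnf) in a temporary directory instead of an edited /etc/ssl/openssl.cnf; the file names and the function names write_cfg, has_san and san_demo are made up for this example.

```shell
# Added example: file names and function names are illustrative assumptions.
# Write a private config instead of editing /etc/ssl/openssl.cnf.
write_cfg() {
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no
[ req_dn ]
CN = server.local
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
# one distinct index per entry
DNS.1 = server.local
DNS.2 = *.server.local
IP.1  = 192.168.0.110
EOF
}

# Print "yes" if the certificate in $1 has a SAN extension, else "no".
has_san() {
    openssl x509 -in "$1" -noout -text | grep -q 'Subject Alternative Name' \
        && echo yes || echo no
}

# Build key and CSR, then self-sign without and with the extension options.
# Prints two words: SAN status of the plain and of the extended certificate.
san_demo() {
    d=$(mktemp -d) || return 1
    write_cfg "$d/san.cnf"
    openssl req -new -newkey rsa:2048 -nodes -config "$d/san.cnf" \
        -keyout "$d/key.pem" -out "$d/req.csr" 2>/dev/null || return 1
    # As in the post: the SAN in the CSR is not carried into the certificate.
    openssl x509 -req -in "$d/req.csr" -signkey "$d/key.pem" -days 365 \
        -out "$d/plain.crt" 2>/dev/null || return 1
    # Name the extension section and the file that defines it.
    openssl x509 -req -in "$d/req.csr" -signkey "$d/key.pem" -days 365 \
        -extfile "$d/san.cnf" -extensions v3_req \
        -out "$d/san.crt" 2>/dev/null || return 1
    echo "$(has_san "$d/plain.crt") $(has_san "$d/san.crt")"
    rm -rf "$d"
}

san_demo
```

The CSR shows the SAN because "openssl req" reads req_extensions from its config; "openssl x509 -req" only adds extensions from the file given with -extfile.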