and I don't see the extensions. Do you? How do you see them?
bor@bor-Latitude-E5450:/tmp$ openssl x509 -text -noout -in san_domain_com.crt Certificate: Data: Version: 3 (0x2) Serial Number: 17715959473418646696 (0xf5dbbb472455b4a8) Signature Algorithm: sha256WithRSAEncryption Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd Validity Not Before: Sep 24 07:01:29 2016 GMT Not After : Sep 22 07:01:29 2026 GMT Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: ... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Key Usage: Digital Signature, Non Repudiation, Key Encipherment X509v3 Subject Alternative Name: DNS:kb.example.com, DNS:helpdesk.example.org, DNS:systems.example.net, IP Address:192.168.1.1, IP Address:192.168.69.14 Signature Algorithm: sha256WithRSAEncryption ... bor@bor-Latitude-E5450:/tmp$
I finally understand my mistake. In the article you link above I see another param I was not using: -extfile /etc/ssl/openssl.cnf When I execute: openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 3650 -extensions v3_req -extfile /etc/ssl/openssl.cnf the cert file finally loads the SAN field. Thanks so much Andrei, you put me on the right way! And sorry, there's a typo in my first message. My alt_names section looks like this: # Alternatives DNS names for my webserver [ alt_names ] DNS.1 = server.local DNS.2 = *.server.local DNS.3 = server DNS.4 = *.server IP.1 = 192.168.0.110 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org