Comments on: Configuring ssl requests with SubjectAltName with openssl http://blog.loftninjas.org/2008/11/11/configuring-ssl-requests-with-subjectaltname-with-openssl/ Sat, 21 Jan 2012 06:46:54 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Casper http://blog.loftninjas.org/2008/11/11/configuring-ssl-requests-with-subjectaltname-with-openssl/comment-page-1/#comment-6523 Casper Fri, 25 Nov 2011 22:48:37 +0000 http://blog.loftninjas.org/?p=264#comment-6523 Thanks!! That was what I was looking at, and I solve the removal by doing something like this: ... if ! $SAN then cat openssl.cnf | sed '/^subjectAltName/d' > openssl-noalt.cnf cnf=openssl-noalt.cnf openssl csr ... -config $cnf ... This is part of a bunch of scripts I use to run my internal CA.... Thanks!!

That was what I was looking at, and I solve the removal by doing something like this:

if ! $SAN then
cat openssl.cnf | sed ‘/^subjectAltName/d’ > openssl-noalt.cnf
cnf=openssl-noalt.cnf

openssl csr … -config $cnf

This is part of a bunch of scripts I use to run my internal CA….

]]> By: Josh http://blog.loftninjas.org/2008/11/11/configuring-ssl-requests-with-subjectaltname-with-openssl/comment-page-1/#comment-6153 Josh Thu, 29 Sep 2011 06:49:58 +0000 http://blog.loftninjas.org/?p=264#comment-6153 Howdi, FYI I have managed to get openssl to prompt for DNS alt names but including subjectAltName in the req_attributes section of openssl.cnf: [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name # include a prompt for alternative names... subjectAltName = Alternative DNS names (comma seperated list) subjectAltName_default = DNS:myhost.com.au Cheers Josh Howdi,
FYI I have managed to get openssl to prompt for DNS alt names but including subjectAltName in the req_attributes section of openssl.cnf:

[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name

# include a prompt for alternative names…
subjectAltName = Alternative DNS names (comma seperated list)
subjectAltName_default = DNS:myhost.com.au

Cheers
Josh

]]> By: Chris J. http://blog.loftninjas.org/2008/11/11/configuring-ssl-requests-with-subjectaltname-with-openssl/comment-page-1/#comment-3061 Chris J. Mon, 17 May 2010 15:08:10 +0000 http://blog.loftninjas.org/?p=264#comment-3061 New at this. Not quite clear yet. Trying to add some subjectAltName. Here is my openssl config [ req ] default_bits = 1024 distinguished_name = req_DN prompt = no [ req_DN ] countryName = US stateOrProvinceName = Massachusetts localityName = Charlestown 0.organizationName = MGH NMR Center organizationalUnitName = Computing commonName = NODENAME.DOMAINNAME emailAddress = systems@nmr.mgh.harvard.edu This works for our single name case and it doesn't have a x509_extensions section. What exactly goes where please? New at this. Not quite clear yet. Trying to add some subjectAltName. Here is my openssl config

[ req ]
default_bits = 1024
distinguished_name = req_DN
prompt = no
[ req_DN ]
countryName = US
stateOrProvinceName = Massachusetts
localityName = Charlestown
0.organizationName = MGH NMR Center
organizationalUnitName = Computing
commonName = NODENAME.DOMAINNAME
emailAddress = systems@nmr.mgh.harvard.edu

This works for our single name case and it doesn’t have a x509_extensions section.

What exactly goes where please?

]]> By: — Somewhere out there! http://blog.loftninjas.org/2008/11/11/configuring-ssl-requests-with-subjectaltname-with-openssl/comment-page-1/#comment-990 — Somewhere out there! Thu, 13 Nov 2008 20:08:34 +0000 http://blog.loftninjas.org/?p=264#comment-990 [...] Configuring ssl requests with SubjectAltName with openssl [...] [...] Configuring ssl requests with SubjectAltName with openssl [...]

]]> By: Jason http://blog.loftninjas.org/2008/11/11/configuring-ssl-requests-with-subjectaltname-with-openssl/comment-page-1/#comment-984 Jason Wed, 12 Nov 2008 19:15:00 +0000 http://blog.loftninjas.org/?p=264#comment-984 Good info. I've got alternative subjects on my list of things to do to handle the load-balancing of some LDAP services, and this is good info to have. Thanks for sharing. Good info. I’ve got alternative subjects on my list of things to do to handle the load-balancing of some LDAP services, and this is good info to have. Thanks for sharing.

]]>