How do I specify subjectAltName in the openssl cli?

nginx ssl openssl

Solution 1:

Try to write the subjectAltName to a temporary file (I'll name it hostextfile) like

basicConstraints=CA:FALSE
extendedKeyUsage=serverAuth
subjectAltName=email:[email protected],RID:1.2.3.4

and link to it in openssl command via "-extfile" option, for example:

openssl ca -days 730 -in hostreq.pem -out -hostcert.pem -extfile hostextfile

Solution 2:

The openssl command doesn’t provide a way to include extensions like the subjectAltName without writing a config file first. I have written a simple utility that does it all automatically. It's available on github: https://github.com/rtts/certify

Example use:

./certify example.com www.example.com mail.example.com

This will create a file named example.com.crt that contains a certificate with the Subject Alternative Names of example.com, www.example.com, and mail.example.com.

Related

Windows 2012 R2 start button not working over RDP
Avoiding swap on ElastiCache Redis
How to stop elastic beanstalk without terminating?
How do I assign an SELinux label to a symlink with semanage so it persists after a relabel?
How can I get postfix to send mail to different relay hosts?
How to use a heredoc inside a bash function?
Use puppet to set hostname?
What am I misunderstanding about calculating MTU?
Is my TCP connections sabotaged by my country's government?
How can I rotate many log files into a different subdirectory per rotation?
rsync error unexplained error (code 255) at io.c
Group Policy Result summary says DC is member of "BUILTIN\Administrators"