| Michael Leone on 26 Jun 2019 09:32:20 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?) |
On Wed, Jun 26, 2019 at 12:23 PM Michael Leone <turgon@mike-leone.com> wrote: > > On Wed, Jun 26, 2019 at 10:28 AM brent timothy saner <brent.saner@gmail.com> wrote: >> >> > >> >> Yep. Not even "can"; "is". >> FWIW, I believe you can tell openssl to include any SANs in the CSR >> automatically (but you'd still need to define those in the config used >> to generate the CSR). >> > > AH. But I am not creating the CSR (from openssl). The CSR is coming from the client, which is an IIS server. So what do I do, include those @alt_names in the [ server-cert ] section? > > And how then do I tell openssl to include those options in the signed cert (as opposed to putting it in the CSR, which I am not creating with openssl)? OK, so I figured that out. I put the subjectAltNames in the "[ server_cert ]" section, and applied it with the "-extensions server_cert" option. So: last question: how do I specify "commonName" as one of those options in "altNames"? I can't do "DNS.1 = commonName" - that just gives me the text.. And it's not a variable, apparently, as $commonName didn't work, either. So is there a way I can say DN.1 = commonName of the requestor? Or do I just have to suck it up, and hard code it? ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug