Michael Leone on 26 Jun 2019 09:32:20 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Chrome and Certificates (WAS:Fwd: Confused - certificate is valid in IE/Edge but not in Chrome?)

On Wed, Jun 26, 2019 at 12:23 PM Michael Leone <turgon@mike-leone.com> wrote:
> On Wed, Jun 26, 2019 at 10:28 AM brent timothy saner <brent.saner@gmail.com> wrote:
>> >
>> Yep. Not even "can"; "is".
>> FWIW, I believe you can tell openssl to include any SANs in the CSR
>> automatically (but you'd still need to define those in the config used
>> to generate the CSR).
> AH. But I am not creating the CSR (from openssl).  The CSR is coming from the client, which is an IIS server. So what do I do, include those @alt_names in the [ server-cert ] section?
> And how then do I tell openssl to include those options in the signed cert (as opposed to putting it in the CSR, which I am not creating with openssl)?

OK, so I figured that out. I put the subjectAltNames in the "[
server_cert ]" section, and applied it with the "-extensions
server_cert" option.

So: last question: how do I specify "commonName" as one of those
options in "altNames"? I can't do "DNS.1 = commonName" - that just
gives me the text.. And it's not a variable, apparently, as
$commonName didn't work, either.

So is there a way I can say DN.1 = commonName of the requestor? Or do
I just have to suck it up, and hard code it?
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug