Michael Leone via plug on 5 Feb 2020 08:32:33 -0800



Re: [PLUG] openssl and specifying subjectAltName




On Wed, Feb 5, 2020 at 11:23 AM brent timothy saner via plug <plug@lists.phillylinux.org> wrote:
> On 2/5/20 11:10, Michael Leone via plug wrote:
> >
> > Is that doable? I haven't seen how ...
>
> nope; you haven't seen it because it isn't doable. OpenSSL expects a
> static environment.
>
> if you *really* don't want to write an openssl.cnf, just gen a CSR in
> python with pyOpenSSL[0] or something. or turn up a managed PKI with
> something like Vault[1].

These are Windows-generated CSRs; I don't do the generating.

Is it possible to put it in a certificate extensions file, at least, rather than screwing around with the openssl.cnf each time? I can't seem to figure out how to phrase it.

subjectAltName=<hardcoded FQDN> - fails
subjectAltName=DNS:<hardcoded FQDN> - fails




> [0] https://www.pyopenssl.org/en/stable/
> [1] https://www.vaultproject.io/docs/secrets/pki/index.html

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug


--

Mike. Leone, <mailto:turgon@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

This space reserved for future witticisms ...
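
Added example, not part of the original message or thread: one way to put the SAN in a standalone extensions file and confirm it landed in the issued certificate. It assumes signing is done with `openssl x509 -req` (the thread does not say which signing command is in use); the CA, CSR, file names and `host.example.test` are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and a CSR without a SAN stand in for the
# real CA and the externally generated request. All names are placeholders.

# sign_with_san CSR FQDN CA_CERT CA_KEY OUT
# Writes a one-off extensions file and issues a cert carrying that SAN.
sign_with_san() {
    csr=$1; fqdn=$2; ca_crt=$3; ca_key=$4; out=$5
    ext=$(mktemp) || return 1
    # The entry sits in the file's default (unnamed) section, so no
    # -extensions option is needed. The value is a type:value pair.
    printf 'subjectAltName = DNS:%s\n' "$fqdn" > "$ext"
    openssl x509 -req -in "$csr" -CA "$ca_crt" -CAkey "$ca_key" \
        -CAcreateserial -days 30 -sha256 -extfile "$ext" -out "$out" 2>/dev/null
    rc=$?
    rm -f "$ext"
    return $rc
}

# issued_san CERT: print the SAN value line of an issued certificate.
issued_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# demo: build the constructed CA and CSR, sign, and print the resulting SAN.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj '/CN=Demo CA' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # CSR with a subject only, no SAN requested.
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=host.example.test' \
        -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null || return 1
    sign_with_san "$dir/host.csr" host.example.test \
        "$dir/ca.crt" "$dir/ca.key" "$dir/host.crt" || return 1
    issued_san "$dir/host.crt"
    rm -rf "$dir"
}

demo
```

The SAN in the issued certificate comes from the extensions file rather than from the CSR, so whoever signs decides which names the certificate is valid for and should check the FQDN against what the requester is entitled to.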