证书不包括使用openssl的SAN名称

证书不包括使用openssl的SAN名称,openssl,certificate,san,Openssl,Certificate,San,我的CSR列出了SAN名称,但当我在openssl中生成证书时,它们不会被复制到证书中 openssl.cnf设置为: [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_c

我的CSR列出了SAN名称,但当我在openssl中生成证书时,它们不会被复制到证书中

openssl.cnf设置为:

[ req ]

default_bits            = 2048
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
attributes              = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = v3_req

[ CA_default ]

# Extension copying option: use with caution.
copy_extensions = copy

[ v3_req ]

# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alternate_names

[alternate_names]

DNS.1 = ocmcUmtsPn-qa.stholdco.com
DNS.2 = ocmcUmtsSsu-qa.stholdco.com
DNS.3 = ocmcCdmaPn-qa.stholdco.com
DNS.4 = ocmcCdmaPn-qa.stholdco.com
DNS.5 = ocmcMessaging-qa.stholdco.com
DNS.6 = ocmcData-qa.stholdco.com

我做错了什么?

向我们展示您用于生成CSR和执行签名的命令。另外,您不需要
数据加密
,因为您不希望人们使用服务器的公钥进行批量加密<代码>数字签名、密钥加密可以。相关:这是我使用的CONF文件和命令:。这是命令openssl ca-out certificates/ocmconsole-qa.pem-extensions v3_req-config./openssl.cnf-infiles requests/ocmconsole-qa.pem,我在互联网上找到了一个例子,我正在抓紧稻草。