证书不包括使用openssl的SAN名称
我的CSR列出了SAN名称,但当我在openssl中生成证书时,它们不会被复制到证书中 openssl.cnf设置为:证书不包括使用openssl的SAN名称,openssl,certificate,san,Openssl,Certificate,San,我的CSR列出了SAN名称,但当我在openssl中生成证书时,它们不会被复制到证书中 openssl.cnf设置为: [ req ] default_bits = 2048 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes = req_attributes x509_extensions = v3_c
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
req_extensions = v3_req
[ CA_default ]
# Extension copying option: use with caution.
copy_extensions = copy
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alternate_names
[alternate_names]
DNS.1 = ocmcUmtsPn-qa.stholdco.com
DNS.2 = ocmcUmtsSsu-qa.stholdco.com
DNS.3 = ocmcCdmaPn-qa.stholdco.com
DNS.4 = ocmcCdmaPn-qa.stholdco.com
DNS.5 = ocmcMessaging-qa.stholdco.com
DNS.6 = ocmcData-qa.stholdco.com
我做错了什么?向我们展示您用于生成CSR和执行签名的命令。另外,您不需要
数据加密
,因为您不希望人们使用服务器的公钥进行批量加密<代码>数字签名、密钥加密可以。相关:这是我使用的CONF文件和命令:。这是命令openssl ca-out certificates/ocmconsole-qa.pem-extensions v3_req-config./openssl.cnf-infiles requests/ocmconsole-qa.pem,我在互联网上找到了一个例子,我正在抓紧稻草。