Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ

It is currently Tue Jun 06, 2023 8:30 am

ROOT ‹ FreeBSD, Linux and AIX ‹ Linux / BSD and Network Security ‹ OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM

Firewals, computer, server and network security, kernel and applications security of FreeBSD/Linux/AIX systems.

Post a reply

1 post • Page 1 of 1

OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM

« Previous topic | Next topic »

Author

Message

mandrei99

Post subject: OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM | Posted: Thu Jan 08, 2015 11:59 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 250

OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM

How to copy x509 extensions from CSR to signed PEM with OpenSSL

Edit openssl.cnf, go to the authority section, my case "[ CA_default ]" and uncomment the following line:

Code:

# Extension copying option: use with caution.
copy_extensions = copy

This is often required for x509 extension Subject Alternative Name. SubjectAltName is a x509 extension that permits various literal values to be included in the signed certificate. It is used for ipsec VPNs, more precisely for IKE Phase 1 authentication.

Ipsec Ike phase1 authentication is performed against EMAIL, DNS, IP or DIRNAME subject alternative names. In many cases, this is set by the certificate authority that signs the certificate, overwriting what is sent in the signing request, but in some cases, it is desired to copy these extensions from the signing request as they were added by the initiator of the request.

			Tweet
Follow @IvordeCom

You might also be interested in:
How to check HTTPS site certificate chain with OpenSSL. OpenSSL signing error: The countryName field needed to be the same in the CA certificate and the req.

Top

Post a reply

1 post • Page 1 of 1

Topics		Author	Replies	Views	Last post
Topics related to - "OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM"
	How to check HTTPS site certificate chain with OpenSSL	mandrei99	0	2953	Fri Oct 04, 2013 10:39 am mandrei99
	OpenSSL signing error: The countryName field needed to be the same in the CA certificate and the req	mandrei99	0	7890	Thu Jan 08, 2015 11:38 am mandrei99

Who is online

Users browsing this forum: No registered users and 1 guest

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

Channel list

ROOT ‹ FreeBSD, Linux and AIX ‹ Linux / BSD and Network Security

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]