Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Sat Nov 18, 2017 4:21 pm


Firewals, computer, server and network security, kernel and applications security of FreeBSD/Linux/AIX systems.

Author Message
mandrei99
Post  Post subject: OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM  |  Posted: Thu Jan 08, 2015 11:59 am

Joined: Tue Aug 04, 2009 9:16 am
Posts: 245

Offline
 

OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM

How to copy x509 extensions from CSR to signed PEM with OpenSSL

Edit openssl.cnf, go to the authority section, my case "[ CA_default ]" and uncomment the following line:
Code:
# Extension copying option: use with caution.
copy_extensions = copy


This is often required for x509 extension Subject Alternative Name. SubjectAltName is a x509 extension that permits various literal values to be included in the signed certificate. It is used for ipsec VPNs, more precisely for IKE Phase 1 authentication.

Ipsec Ike phase1 authentication is performed against EMAIL, DNS, IP or DIRNAME subject alternative names. In many cases, this is set by the certificate authority that signs the certificate, overwriting what is sent in the signing request, but in some cases, it is desired to copy these extensions from the signing request as they were added by the initiator of the request.





Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "OpenSSL certificate authority (CA) - how to copy x509 extensions from CSR to signed PEM"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. How to check HTTPS site certificate chain with OpenSSL

mandrei99

0

1144

Fri Oct 04, 2013 10:39 am

mandrei99 View the latest post

There are no new unread posts for this topic. OpenSSL signing error: The countryName field needed to be the same in the CA certificate and the req

mandrei99

0

2901

Thu Jan 08, 2015 11:38 am

mandrei99 View the latest post

 

Who is online
Users browsing this forum: No registered users and 1 guest
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO