Add SAN with private CA

Question

I have a CSR with correct SAN info, the minute I generate a CRT with said csr it strips the SAN info.

openssl x509 -req -in xxx.csr -CA xxx.pem -CAkey xxx.key -CAserial xxx.srl -extensions v3_req -out xxx.crt -days 730 -sha256

SAN is manually added to the openssl.cnf so it inputs it fine into the CSR but will not with the CRT.

This is all self signed.

v3_req has the SAN info for injecting.

unable to load certificate 140070019593872:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE This is the error i get when using it without -req — ajankuv, Apr 20 '17 at 19:59
You said you are trying to 'generate' a certificate, with the extension for SAN. `x509` with `-req` is _one_ way (not the only way) to create a certificate, but it has restrictions on how to do extensions, including SAN. **`x509` without `-req` does not create a certificate at all**, and thus is completely wrong for your goal, which is why I did not suggest it. To repeat a THIRD time what is said in the other Q, **to create a cert with `x509 -req` and include extensions you must use `-extfile` and optionally `-extensions`** — dave_thompson_085, Apr 21 '17 at 04:11
In the cited dup, pay attention to `copy_extensions = copy`. — jww, Apr 21 '17 at 17:42
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) — jww, Apr 21 '17 at 17:43
@jww only for `ca` which this OP is not using; `x509 -req` _never_ copies extensions and is completely unaffected by `copy_extensions` — dave_thompson_085, Apr 23 '17 at 06:38

Add SAN with private CA

0 Answers0

Linked