0

I have a config script that I use to give default values for my CSRs, obviously just specifying the FQDN I'm wanting to use. Generally the names will be like www.example.com.

However for most of my domains I also want the SAN example.com (ie no www). At the moment I'm manually editing my config file to change the last line of to the relevant domain:

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = example.com

But I'm wondering if this can be somehow left blank, and then the script prompt to ask for the alt_name(s) when running? I run something like:

sudo openssl req -new -sha256 -key example-com.key -out example-com.csr --config my-config-file.conf

Any pointers appreciated.

Thanks.

jww
  • 97,681
  • 90
  • 411
  • 885
user3204476
  • 51
  • 5
  • You should show your `configure.ac` or `configure.in` file. The only way I know to specify SAN names is through the config file. There are no options to do it. You might be able to build the name on the fly and use a [Bash Here Document](https://stackoverflow.com/q/2953081/608639) to pass it to OpenSSL. – jww Feb 10 '18 at 20:43
  • ***`CN=www.example.com`*** is probably wrong. Hostnames always go in the *SAN*. If its present in the *CN*, then it must be present in the *SAN* too (you have to list it twice in this case). For more rules and reasons, see [How do you sign Certificate Signing Request with your Certification Authority](http://stackoverflow.com/a/21340898/608639) and [How to create a self-signed certificate with openssl?](http://stackoverflow.com/q/10175812/608639) You will also need to place the self-signed certificate in the appropriate trust store. – jww Feb 10 '18 at 20:45
  • OK thanks - and apologies if the question was out of place! I'll stick with my config file, which seems to be working. – user3204476 Feb 10 '18 at 20:45
  • 1
    It is not a bad question. You just need to bring it back on-topic by showing your script. Otherwise, its just a question how to run commands. – jww Feb 10 '18 at 20:46
  • Where would I find my configure.in and configure.ac files? – user3204476 Feb 10 '18 at 20:49

0 Answers0