Subject Alternative Name not present in certificate

Problem description

I have generated a CSR that includes the field subject alt names:

openssl req -out mycsr.pem -new -key mykey.pem -days 365

When I inspect this it looks as expected with a new field present:

X509v3 Subject Alternative Name:
    DNS: my.alt.dns

However when I use this to sign a certificate that field is omitted for some reason.

I generate it with the following command:

openssl ca -out mycert.pem -infiles mycsr.pem

Can it be that my CA cert has to include the same Alt name for it to be included?

Recommended answer

You can use:

copy_extensions = copy 

under your CA_default section in your openssl.cnf.

but only when you're sure that you can trust the extensions in the CSR as pointed out in this thread: http://openssl.6102.n7.nabble.com/subjectAltName-removed-from-CSR-when-signing-td26928.html

See also: How can I generate a self-signed certificate with SubjectAltName using OpenSSL?
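
One way to act on the caveat in the answer, added here as an example that is not part of the original answer: check that a CSR requests only a subjectAltName with DNS names from an allow-list before signing it with copy_extensions = copy. The function names and the ALLOWED_SANS list are assumptions for illustration, and the parsing relies on the text layout printed by openssl req -text.

```shell
#!/bin/sh
# Added example, not from the original answer: vet what a CSR asks for before
# signing it with copy_extensions = copy in [ CA_default ].
# ALLOWED_SANS is a constructed allow-list (assumption); replace it with the
# names the requester is actually entitled to.
ALLOWED_SANS="my.alt.dns www.my.alt.dns"

# Print the CSR's requested extensions, one header or value per line, trimmed.
csr_requested_extensions() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n '/Requested Extensions:/,/Signature Algorithm:/p' |
        tr ',' '\n' |
        sed -e '1d' -e '$d' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Succeed only if the CSR requests a subjectAltName and nothing else, and every
# SAN entry is a DNS name on the allow-list.
csr_is_safe_to_copy() {
    exts=$(csr_requested_extensions "$1")
    seen_san=no
    while IFS= read -r line; do
        case "$line" in
            "") ;;
            "X509v3 Subject Alternative Name:"*) seen_san=yes ;;
            DNS:*[[:space:]]*) return 1 ;;  # embedded whitespace in a name
            DNS:*)
                case " $ALLOWED_SANS " in
                    *" ${line#DNS:} "*) ;;
                    *) return 1 ;;          # name not on the allow-list
                esac ;;
            *) return 1 ;;                  # basicConstraints, keyUsage, IP SANs, ...
        esac
    done <<EOF
$exts
EOF
    [ "$seen_san" = yes ]
}

# Sign with the command from the question, but only after the CSR passes.
sign_csr() {
    if csr_is_safe_to_copy "$1"; then
        openssl ca -out "$2" -infiles "$1"
    else
        echo "refusing $1: requested extensions are not on the allow-list" >&2
        return 1
    fi
}
```

With copy_extensions = copy, anything the check lets through ends up in the issued certificate, so a CSR that also asks for basicConstraints or a name outside the list is refused rather than signed.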
