证书中不存在主题备用名称 [英] Subject Alternative Name not present in certificate
问题描述
我生成了一个包含字段主题替代名称的 CSR:
I have generated a CSR that includes the field subject alt names:
openssl req -out mycsr.pem -new -key mykey.pem -days 365
当我检查它时,它看起来像预期的那样,出现了一个新字段:
When I inspect this it looks as expected with a new field present:
X509v3 Subject Alternative Name:
DNS: my.alt.dns
但是,当我用它来签署证书时,由于某种原因,该字段被省略了.
However when I use this to sign a certificate that field is omitted for some reason.
我使用以下命令生成它:
I generate it with the following command:
openssl ca -out mycert.pem -infiles mycsr.pem
我的 CA 证书是否必须包含相同的 Alt 名称才能包含在内?
Can it be that my CA cert have to include the same Alt name for it to be included?
推荐答案
您可以使用:
copy_extensions = copy
在 openssl.cnf
中的 CA_default
部分下.
under your CA_default
section in your openssl.cnf
.
但只有当您确定您可以信任 CSR 中的扩展时,如该线程中所指出的那样:http://openssl.6102.n7.nabble.com/subjectAltName-removed-from-CSR-when-signing-td26928.html
but only when you're sure that you can trust the extensions in the CSR as pointed out in this thread: http://openssl.6102.n7.nabble.com/subjectAltName-removed-from-CSR-when-signing-td26928.html
另见:如何才能我使用 OpenSSL 生成带有 SubjectAltName 的自签名证书?
这篇关于证书中不存在主题备用名称的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!