[Linux-bruxelles] Générer une CSR avec OpenSSL
Etienne
chokeboy at gmail.com
Ven 22 Nov 14:59:32 CET 2019
Hello,
je tente de générer une CSR avec OpenSSL et un fichier de config qui
spécifie entre autres les SAN qui doivent figurer dans la CSR.
La CSR est bien générée mais les SAN ne s'y trouvent pas.
Quelqu'un ici aurait-il une idée de pourquoi ça fonctionne pas ?
Merci d'avance et bon weekend !
Etienne
me at test ~/test $ ls -lat
total 12
drwxrwxr-x 2 etienne etienne 4096 Nov 22 14:44 .
-rw-rw-r-- 1 etienne etienne 487 Nov 22 14:44 test.cnf
drwxrwxr-x 5 etienne etienne 4096 Nov 22 14:39 ..
me at test ~/test $
me at test ~/test $
me at test ~/test $ cat test.cnf
[ req ]
default_bits = 2048
distinguished_name = myrequest_dn
req_extentions = v3_ext
prompt = no
[ myrequest_dn ]
countryName = BE
stateOrProvinceName = Brussels
localityName = Brussels
organizationName = TestLab
organizationalUnitName = IT
commonName = host01.testlab.local
emailAddress = me at testlab.local
[ v3_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = host01.testlab.local
DNS.2 = host01
me at test ~/test $
me at test ~/test $
me at test ~/test $ openssl req -new -newkey rsa:2048 -nodes -config test.cnf
-keyout test.key -out test.csr
Generating a RSA private key
.+++++
................+++++
writing new private key to 'test.key'
-----
me at test ~/test $
me at test ~/test $
me at test ~/test $
me at test ~/test $ openssl req -noout -text -in test.csr
Certificate Request:
Data:
Version: 1 (0x0)
Subject: C = BE, ST = Brussels, L = Brussels, O = TestLab, OU = IT,
CN = host01.testlab.local, emailAddress = me at testlab.local
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:ba:7f:15:49:30:1c:e3:93:e6:52:ac:31:2b:
15:51:23:bf:1e:00:e4:52:bf:25:db:07:90:57:5f:
58:01:7d:ad:e5:0a:03:5f:1a:9a:ee:b1:8e:68:dc:
f6:f5:d5:07:82:8c:16:c0:75:f4:ed:30:3a:b0:d2:
31:19:5c:8c:04:5c:8d:a3:73:ca:0d:fb:24:72:1b:
93:b2:83:27:aa:63:de:1d:7e:6a:a1:be:7a:6a:d8:
1e:58:5f:35:cd:2b:64:7c:ff:ea:c7:cb:e9:d4:7d:
1a:14:91:d2:3e:b9:10:ec:d4:ef:95:92:b6:ff:ba:
a2:c6:4d:80:94:fc:6f:30:73:d4:95:93:f1:30:32:
52:14:c7:32:49:ca:38:b3:d0:61:89:47:2c:06:79:
63:7f:b4:ed:4f:19:ed:33:b0:44:8c:f3:22:19:9e:
99:ff:6c:a9:da:87:a4:8d:50:d2:68:0b:2f:04:7d:
97:bd:f3:2d:94:3b:cd:1b:f3:ca:0c:32:5b:e9:e3:
36:0e:6a:f4:36:af:b7:c1:3b:79:75:b0:83:ba:a3:
c2:be:4f:44:d0:e5:82:33:81:40:4d:75:36:2f:0a:
cc:43:57:4e:64:f9:d3:4b:8d:0f:41:b0:e2:0b:f2:
d8:74:96:09:40:a3:0d:e7:1c:66:5b:9c:6c:2e:91:
c6:23
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption
76:ae:63:31:be:98:49:a8:ec:3e:83:f1:3d:bf:c6:e2:fe:b7:
36:6d:a8:b9:bb:8f:f3:51:81:ab:01:d4:7a:05:5b:9f:28:26:
e8:20:66:6d:63:01:4a:f7:37:82:fb:e9:22:ef:32:4c:90:13:
07:64:da:c0:9b:93:53:bc:52:2c:12:34:eb:f1:fa:21:c8:67:
dd:7a:3c:13:1a:65:3d:28:8c:df:13:03:e6:87:4a:29:3d:77:
b9:de:a2:e8:c0:e4:98:f0:e6:d4:e7:78:cb:bc:0b:c6:98:ba:
32:c0:52:60:33:bc:d8:54:bd:19:b4:1a:87:c3:77:c9:ce:d4:
84:47:1f:e7:fb:60:28:70:61:54:f8:c1:7b:66:65:b9:83:bc:
70:9c:e8:69:95:3e:89:3c:33:1e:9a:26:95:bc:a3:73:c1:e6:
d9:99:17:54:a5:33:89:f2:52:bc:72:07:4b:22:c1:e8:b2:50:
e0:78:93:fa:e3:2e:53:26:21:12:3e:a7:ab:bc:49:c5:ef:9e:
e1:1e:35:61:ed:1f:34:7b:88:77:13:0b:26:a4:a0:b7:11:a6:
44:ef:c3:df:e4:18:ee:aa:94:4d:0d:da:11:35:31:32:e6:b0:
39:57:79:24:f4:4e:dd:b8:37:5b:48:60:f2:df:b3:4b:6c:58:
e2:3b:f4:ad
me at test ~/test $
-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: </pipermail/linux-bruxelles/attachments/20191122/e5dabb6a/attachment.html>
Plus d'informations sur la liste de diffusion Linux-bruxelles