[Linux-bruxelles] Generating a CSR with OpenSSL

Depuydt, Patrick patrick at htag2.com
Mon 25 Nov 11:08:49 CET 2019


For your information, and for those of you who break out in a rash at SSL or
find it too complex, I'd point you to XCA (https://hohnstaedt.de/xca/); this
little tool (open-source, it goes without saying) is really useful and, on top
of that, it is system agnostic :)

It will simplify the management of your certificates, while protecting them
(KeePass-style) from unwanted access.

See you

On Fri, Nov 22, 2019 at 2:59 PM Etienne <chokeboy at gmail.com> wrote:

> Hello,
> I'm trying to generate a CSR with OpenSSL and a config file that
> specifies, among other things, the SANs that must appear in the CSR.
> The CSR is generated fine, but the SANs are not in it.
> Would anyone here have an idea why this doesn't work?
> Thanks in advance and have a good weekend!
> Etienne
>
> me at test ~/test $ ls -lat
> total 12
> drwxrwxr-x 2 etienne etienne 4096 Nov 22 14:44 .
> -rw-rw-r-- 1 etienne etienne  487 Nov 22 14:44 test.cnf
> drwxrwxr-x 5 etienne etienne 4096 Nov 22 14:39 ..
> me at test ~/test $
> me at test ~/test $
> me at test ~/test $ cat test.cnf
> [ req ]
>
> default_bits       = 2048
> distinguished_name = myrequest_dn
> req_extentions     = v3_ext
> prompt             = no
>
> [ myrequest_dn ]
>
> countryName            = BE
> stateOrProvinceName    = Brussels
> localityName           = Brussels
> organizationName       = TestLab
> organizationalUnitName = IT
> commonName             = host01.testlab.local
> emailAddress           = me at testlab.local
>
> [ v3_ext ]
>
> subjectAltName = @alt_names
>
> [ alt_names ]
>
> DNS.1 = host01.testlab.local
> DNS.2 = host01
>
> me at test ~/test $
> me at test ~/test $
> me at test ~/test $ openssl req -new -newkey rsa:2048 -nodes -config
> test.cnf -keyout test.key -out test.csr
> Generating a RSA private key
> .+++++
> ................+++++
> writing new private key to 'test.key'
> -----
> me at test ~/test $
> me at test ~/test $
> me at test ~/test $
> me at test ~/test $ openssl req -noout -text -in test.csr
> Certificate Request:
>     Data:
>         Version: 1 (0x0)
>         Subject: C = BE, ST = Brussels, L = Brussels, O = TestLab, OU =
> IT, CN = host01.testlab.local, emailAddress = me at testlab.local
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 RSA Public-Key: (2048 bit)
>                 Modulus:
>                     00:9e:ba:7f:15:49:30:1c:e3:93:e6:52:ac:31:2b:
>                     15:51:23:bf:1e:00:e4:52:bf:25:db:07:90:57:5f:
>                     58:01:7d:ad:e5:0a:03:5f:1a:9a:ee:b1:8e:68:dc:
>                     f6:f5:d5:07:82:8c:16:c0:75:f4:ed:30:3a:b0:d2:
>                     31:19:5c:8c:04:5c:8d:a3:73:ca:0d:fb:24:72:1b:
>                     93:b2:83:27:aa:63:de:1d:7e:6a:a1:be:7a:6a:d8:
>                     1e:58:5f:35:cd:2b:64:7c:ff:ea:c7:cb:e9:d4:7d:
>                     1a:14:91:d2:3e:b9:10:ec:d4:ef:95:92:b6:ff:ba:
>                     a2:c6:4d:80:94:fc:6f:30:73:d4:95:93:f1:30:32:
>                     52:14:c7:32:49:ca:38:b3:d0:61:89:47:2c:06:79:
>                     63:7f:b4:ed:4f:19:ed:33:b0:44:8c:f3:22:19:9e:
>                     99:ff:6c:a9:da:87:a4:8d:50:d2:68:0b:2f:04:7d:
>                     97:bd:f3:2d:94:3b:cd:1b:f3:ca:0c:32:5b:e9:e3:
>                     36:0e:6a:f4:36:af:b7:c1:3b:79:75:b0:83:ba:a3:
>                     c2:be:4f:44:d0:e5:82:33:81:40:4d:75:36:2f:0a:
>                     cc:43:57:4e:64:f9:d3:4b:8d:0f:41:b0:e2:0b:f2:
>                     d8:74:96:09:40:a3:0d:e7:1c:66:5b:9c:6c:2e:91:
>                     c6:23
>                 Exponent: 65537 (0x10001)
>         Attributes:
>             a0:00
>     Signature Algorithm: sha256WithRSAEncryption
>          76:ae:63:31:be:98:49:a8:ec:3e:83:f1:3d:bf:c6:e2:fe:b7:
>          36:6d:a8:b9:bb:8f:f3:51:81:ab:01:d4:7a:05:5b:9f:28:26:
>          e8:20:66:6d:63:01:4a:f7:37:82:fb:e9:22:ef:32:4c:90:13:
>          07:64:da:c0:9b:93:53:bc:52:2c:12:34:eb:f1:fa:21:c8:67:
>          dd:7a:3c:13:1a:65:3d:28:8c:df:13:03:e6:87:4a:29:3d:77:
>          b9:de:a2:e8:c0:e4:98:f0:e6:d4:e7:78:cb:bc:0b:c6:98:ba:
>          32:c0:52:60:33:bc:d8:54:bd:19:b4:1a:87:c3:77:c9:ce:d4:
>          84:47:1f:e7:fb:60:28:70:61:54:f8:c1:7b:66:65:b9:83:bc:
>          70:9c:e8:69:95:3e:89:3c:33:1e:9a:26:95:bc:a3:73:c1:e6:
>          d9:99:17:54:a5:33:89:f2:52:bc:72:07:4b:22:c1:e8:b2:50:
>          e0:78:93:fa:e3:2e:53:26:21:12:3e:a7:ab:bc:49:c5:ef:9e:
>          e1:1e:35:61:ed:1f:34:7b:88:77:13:0b:26:a4:a0:b7:11:a6:
>          44:ef:c3:df:e4:18:ee:aa:94:4d:0d:da:11:35:31:32:e6:b0:
>          39:57:79:24:f4:4e:dd:b8:37:5b:48:60:f2:df:b3:4b:6c:58:
>          e2:3b:f4:ad
> me at test ~/test $
>
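
Added example, not part of the thread: the quoted test.cnf spells the key `req_extentions`, while the key that `openssl req` reads is `req_extensions`. An unrecognised key is ignored without any message, which matches the CSR output above (`Attributes: a0:00`, no SAN). The script below lints the `[ req ]` section and checks a generated CSR for a SAN; the function names, the key list and the sample config are constructed for this illustration.

```shell
# Added example, not from the thread: lint the [ req ] section of an OpenSSL
# config, then confirm that a CSR built from it carries a subjectAltName.
# Key list assumed from openssl-req(1); extend it for your OpenSSL version.
REQ_KEYS="input_password output_password default_bits default_keyfile oid_file \
oid_section RANDFILE encrypt_key encrypt_rsa_key default_md string_mask \
req_extensions x509_extensions prompt utf8 attributes distinguished_name"

# Print each key of the [ req ] section that is not in REQ_KEYS.
req_unknown_keys() {
    awk -v known="$REQ_KEYS" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/  { next }
        /^[ \t]*\[/ { s = $0; gsub(/[^A-Za-z0-9_]/, "", s); section = s; next }
        section == "req" && /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            if (!(key in ok)) print key
        }' "$1"
}

# Build a throwaway key and CSR from config $1; succeed only if the CSR text
# lists a Subject Alternative Name extension.
csr_has_san() {
    tmp=$(mktemp -d) || return 2
    if openssl req -new -newkey rsa:2048 -nodes -config "$1" \
           -keyout "$tmp/test.key" -out "$tmp/test.csr" 2>/dev/null &&
       openssl req -noout -text -in "$tmp/test.csr" |
           grep -q "X509v3 Subject Alternative Name"
    then rc=0; else rc=1; fi
    rm -rf "$tmp"; return $rc
}

# Write a constructed config to $1; $2 is the spelling of the extensions key.
write_cnf() {
    cat > "$1" <<EOF
[ req ]
distinguished_name = myrequest_dn
$2 = v3_ext
prompt = no
[ myrequest_dn ]
commonName = host01.testlab.local
[ v3_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = host01.testlab.local
DNS.2 = host01
EOF
}
d=$(mktemp -d); write_cnf "$d/t.cnf" req_extentions
echo "unknown [ req ] keys: $(req_unknown_keys "$d/t.cnf")"; rm -rf "$d"
```

Running `csr_has_san` on a config before sending the CSR to a CA shows at once whether the requested names actually made it into the request.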