how to keep SubjectAltName as as commonName in openssl conf file

Multi tool use
Multi tool use


how to keep SubjectAltName as as commonName in openssl conf file



I am working on building a Certificate Authority on my centos server. I have completed the setup following OpenSSL Cookbook (great stuff) from https://www.feistyduck.com/books/openssl-cookbook/ The concepts explained in the book and procedure is very simple and worked like charm. However, I feel it was a bit outdated and chrome browser changed the behavior to require Subject Alternative Name otherwise it gives browser warning even though the certificate is perfectly valid.


https://www.feistyduck.com/books/openssl-cookbook/



After reading the documentation at https://www.openssl.org/docs/man1.0.2/apps/x509v3_config.html#Subject-Alternative-Name I could understand that I need to include that in my conf file of root CA and sub-ca (intermdiate Certificate Authority).


https://www.openssl.org/docs/man1.0.2/apps/x509v3_config.html#Subject-Alternative-Name



Now what I want to do is to use the commonName as SAN. That means instead of hardcoding SAN, I want to take whatever the value I get from CSR for CommonName and use that as SAN.
What should I put in conf file to achieve this?
I tried to put
subjectAltName = $commonName
and it is telling me that it is not a valid way of defining SAN.



Here is my actual conf file


https://pastebin.com/UtCDU4BE




2 Answers
2



This answer might help https://security.stackexchange.com/a/91556. As @Jon already mentioned. It's only possible with the help of a template.
Make sure you validated the input. Otherwise someone can inject a new line into the DNS name.
An other solution to the problem could be to use https://github.com/cloudflare/cfssl or https://github.com/google/easypki instead.



Unfortunately, the OpenSSL conf files aren't at all sophisticated, and it isn't possible to refer to previously declared names.



I think the usual approach is to write a short script which can fill in a template conf file. It's certainly what I've done in the past.






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

lvLx 3uI6OPvrDbOW
-
Ex7RZiPh Ktw15mUEnX23edTrdqDd,B,B,oRVihpyvVdMk slU2s0Y68y7u8OI6bZOok4bBJ vPs30Xy

Popular posts from this blog

PHP contact form sending but not receiving emails

PHP contact form sending but not receiving emails I have created a contact form using PHP to send the data. The form seems to send fine as there are no errors and success message appears, however I am not receving the emails into the designated inbox. I am using PHPMailer as I originally tried just using the php 'mail' command which I now understand is a bit hit and miss. I cannot see why I would not be receving the emails so I would be very grateful for any help that could be given. I'm quite new to PHP so please be patient with me :) <?php use PHPMailerPHPMailerPHPMailer; use PHPMailerPHPMailerException; $msg = ""; if (isset($_POST['submit'])) { require 'phpmailer/src/Exception.php'; require 'phpmailer/src/PHPMailer.php'; require 'phpmailer/src/SMTP.php'; function sendemail ($to, $from, $body) { $mail = new PHPMailer(true); $mail->setFrom($from); $mail->addAddress($to); $ma...
Read more

Do graphics cards have individual ID by which single devices can be distinguished?

Do graphics cards have individual ID by which single devices can be distinguished? I have several graphics cards of the same manufacturer and same model and I want to distinguish them not only by the pcie socket they reside in but by some individual value I can read from the hardware. Is there such value and if so what would it be called and how could I access it? Right now I'm using modern nvidia cards (10xx series) and nvidia inspector.but I'd prefer if there was any value that was also applicable to amd. I have programming and scripting knowledge. I am running Windows 10 1 Answer 1 This is a powershell example to pull information from video cards. The DeviceID is supposed to be unique but only if the manufacturer supports Windows Display Driver Model (WDDM). (I copied this directly from docs.microsoft.com) $strComputer = "." $colItems = get-wmiobject -class "Win32_VideoC...
Read more

Create weekly swift ios local notifications

Create weekly swift ios local notifications I can create daily notifications but not weekly ones using swift 3 ios 10 User Notifications framework. Daily works fine but when I add in the .weekday parameter it doesn't send me a notification. The code is: for i in 1 ... 7 { let center = UNUserNotificationCenter.current(); let content = UNMutableNotificationContent(); content.title = "Title"; content.body = "content"; content.sound = UNNotificationSound.default(); var dateComponents = DateComponents(); dateComponents.weekday = i; // hours is 00 to 11 in string format if (daynight == "am") { dateComponents.hour = Int(hours); } else { dateComponents.hour = Int(hours)! + 12; } // mins is 00 to 59 in string format dateCom...
Read more