How can I provide openssl subjectaltname directly on the command line?

697    Asked by AnishaDalal in Cyber Security , Asked on Sep 26, 2022

 Is it possible to provide a subjectAltName-Extension to the openssl req module directly on the command line? I know it's possible via an openssl.cnf file, but that's not really elegant for batch-creation of CSRs.

Answered by Andrew Jenkins

My solution was to pass openssl subjectAltName via an environment variable.


First have this added to openssl.conf:

[ san_env ]

subjectAltName=${ENV::SAN}

Then set the environment variable before invoking openssl:

export SAN=DNS:value1,DNS:value2

openssl req -extensions san_env -subj '/CN=value1' ...

Note: the -extensions san_env parameter needs to be present when signing the CSR as well as when generating it. Therefore, for CA-signed CSRs add -extensions san_env to the openssl ca command as well.



Your Answer

Online Course

Tutorials

Salesforce Tutorial

Software Testing Tutorial

SQL Tutorial

Business Analyst Tutorial

Devops Tutorial

Data Science Tutorial

AWS Tutorial

Hadoop Tutorial

SSRS Tutorial

AWS S3 Tutorial

Functional Testing Tutorial

SSAS Tutorial

Automation Testing Tutorial

Manual Testing Tutorial

Selenium Tutorial

Kubernetes Tutorial

Scala Tutorial

ETL Testing Tutorial

Python Tutorial

Pyspark Tutorial

R Tutorial

Unit Testing Tutorial

API Testing Tutorial

Puppet Tutorial

Integration Testing Tutorial

Chef Tutorial

Jenkins Tutorial

Ansible Tutorial

Vagrant Tutorial

Docker Tutorial

Interviews

Parent Categories

Copyright | JanBaskTraining.com