How to create a (CSR) with multiple Subject Alternative Name (SAN) entries in PASE OpenSSL for 3rd party or Internet CA.

相关文章推荐

有腹肌的围巾 · 2021年央视六套收视率最高的20部电影出炉 ...· 2 月前 ·

暴走的黄豆 · 不思议迷宫地狱边境隐藏冈布奥怎么获得_439 ...· 4 月前 ·

犯傻的毛衣 · 僵尸娘美图 - 抖音· 1 年前 ·

玩篮球的手套 · 归一无广告,归一图片头像 - 快看漫画· 1 年前 ·

威武的火车 · 滴答清单高级永久会员兑换码 - 抖音· 1 年前 ·

To return expected results, you can:

Reduce the number of search terms. Each term you use focuses the search further.

Check your spelling. A single misspelled or incorrectly typed term can change your result.

Try substituting synonyms for your original terms. For example, instead of searching for "java classes", try "java training"

Did you search for an IBM acquired or sold product ? If so, follow the appropriate link below to find the content you need.

Additional information about X.509 V3 extension parameters can be found: https://www.openssl.org/docs/man1.1.1/man5/x509v3_config.html

Web searches on 'openssl san csr' will provide similar technotes.
IBM Technology Services consulting team can provide custom directives beyond this technote.

Additional information and instructions can be found here:

https://www.ibm.com/docs/en/i/7.4?topic=device-portable-utilities-i

https://www.openssl.org/news/openssl-1.1.1-notes.html

https://www.ietf.org/rfc/rfc5280.txt

Go to the cmd field. i35, enter, move curser to field under first *. Paste the below sample text.(you may have to paste in 3 steps after a pgdn) Change req_distinguished_name and sans values to match your geography and dns.


    #The sample configuration file to generate the CSR for a server certificate.
#Based off IBMi /QOpenSys/QIBM/UserData/SC1/OpenSSL/openssl.cnf
#Modify the entries to match your domain & cfgtcp option 12 values.
[ req ]
prompt                 = no
days                   = 365
distinguished_name     = req_distinguished_name
req_extensions         = v3_req
[ req_distinguished_name ]
countryName            = AB
stateOrProvinceName    = CD
localityName           = EFG_HIJ
organizationName       = MyOrg
organizationalUnitName = MyOrgUnit
commonName             = mycommname.com
emailAddress           = emailaddress@myemail.com
[ v3_req ]
basicConstraints       = CA:false
extendedKeyUsage       = serverAuth
subjectAltName         = @sans	
[ sans ]
DNS.0 = localhost.mydomain.com
DNS.1 = SystemA.mydomain.com
DNS.2 = SystemA
DNS.3 = TestA
DNS.4 = 172.1.2.3
email.1 = myemail@email.com

Note: To view subject alternative name in the CSR.


     openssl req -text -noout -verify -in req.csr | grep 'DNS'

View the CSR for all content.


     openssl req -text -noout -verify -in req.csr

Step 4. You must send your .csr file to the Issuer (Certificate Authority). Upon receipt, you will be sent a server/client certificate file (.crt).
Most certificate vendor sites also have a 'CSR Decoder' application, that can review your CSR data before the server certificate is submitted.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CImAAM","label":"OpenSSL OpenSSH"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]