How to create a (CSR) with multiple Subject Alternative Name (SAN) entries in PASE OpenSSL for 3rd party or Internet CA.

相关文章推荐

帅呆的弓箭 · 【Nginx】面试官问我Nginx如何配置W ...· 3 月前 ·

八块腹肌的遥控器 · Configure a Security ...· 1 年前 ·

傲视众生的鸵鸟 · excel录入技巧：如何进行日期格式的转换 ...· 1 年前 ·

儒雅的碗 · File 对象 | Microsoft Learn· 1 年前 ·

暴走的荒野 · AndroidStudio中两生成apk的方 ...· 1 年前 ·

To return expected results, you can:

Reduce the number of search terms. Each term you use focuses the search further.

Check your spelling. A single misspelled or incorrectly typed term can change your result.

Try substituting synonyms for your original terms. For example, instead of searching for "java classes", try "java training"

Did you search for an IBM acquired or sold product ? If so, follow the appropriate link below to find the content you need.

Additional information about X.509 V3 extension parameters can be found: https://www.openssl.org/docs/man1.1.1/man5/x509v3_config.html

Web searches on 'openssl san csr' will provide similar technotes.
IBM Technology Services consulting team can provide custom directives beyond this technote.

Additional information and instructions can be found here:

https://www.ibm.com/docs/en/i/7.4?topic=device-portable-utilities-i

https://www.openssl.org/news/openssl-1.1.1-notes.html

https://www.ietf.org/rfc/rfc5280.txt

Go to the cmd field. i35, enter, move curser to field under first *. Paste the below sample text.(you may have to paste in 3 steps after a pgdn) Change req_distinguished_name and sans values to match your geography and dns.


    #The sample configuration file to generate the CSR for a server certificate.
#Based off IBMi /QOpenSys/QIBM/UserData/SC1/OpenSSL/openssl.cnf
#Modify the entries to match your domain & cfgtcp option 12 values.
[ req ]
prompt                 = no
days                   = 365
distinguished_name     = req_distinguished_name
req_extensions         = v3_req
[ req_distinguished_name ]
countryName            = AB
stateOrProvinceName    = CD
localityName           = EFG_HIJ
organizationName       = MyOrg
organizationalUnitName = MyOrgUnit
commonName             = mycommname.com
emailAddress           = emailaddress@myemail.com
[ v3_req ]
basicConstraints       = CA:false
extendedKeyUsage       = serverAuth
subjectAltName         = @sans	
[ sans ]
DNS.0 = localhost.mydomain.com
DNS.1 = SystemA.mydomain.com
DNS.2 = SystemA
DNS.3 = TestA
DNS.4 = 172.1.2.3
email.1 = myemail@email.com

Note: To view subject alternative name in the CSR.


     openssl req -text -noout -verify -in req.csr | grep 'DNS'

View the CSR for all content.


     openssl req -text -noout -verify -in req.csr

Step 4. You must send your .csr file to the Issuer (Certificate Authority). Upon receipt, you will be sent a server/client certificate file (.crt).
Most certificate vendor sites also have a 'CSR Decoder' application, that can review your CSR data before the server certificate is submitted.
[{"Type":"MASTER","Line of Business":{"code":"LOB57","label":"Power"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z0000000CImAAM","label":"OpenSSL OpenSSH"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]