Timeline for Where to put SAN
Current License: CC BY-SA 4.0
13 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| S Jul 14, 2020 at 19:20 | history | suggested | JW0914 | CC BY-SA 4.0 | Applied correct markdown ; Grammatical corrections |
| Jul 14, 2020 at 13:21 | comment | added | JW0914 | @woodz Just an FYI, if you used the v3_req profile in your question, as is, to generate your server cert, it's malformed and missing the requisite KUs and EKUs, and even if the keyUsage is uncommented, dataEncipherment is not a valid KU for a server cert (it should be digitalSignature, keyEncipherment, keyAgreement [reference]). It would also not be a secure cert to use due to being issued with basicConstraints = CA:TRUE, making the server cert a CA (a massive security risk - it should be CA:FALSE). | |
| Jul 14, 2020 at 12:18 | comment | added | JW0914 | @ woodz Your reverted edit is using the incorrect markdown... please see the formatting bar or the help section on how to properly use markdown, as headings are for headings, not numbered lists. Using the incorrect markdown means that someone has to take the time out to edit it, and with such a pervasive amount of incorrect markdown, it's a time-consuming edit, so please use the correct markdown. | |
| Jul 14, 2020 at 12:13 | review | Suggested edits | |||
| S Jul 14, 2020 at 19:20 | |||||
| Jul 14, 2020 at 12:00 | history | rollback | woodz | Rollback to Revision 2 | |
| Jul 14, 2020 at 10:13 | history | edited | woodz | CC BY-SA 4.0 | added 8 characters in body |
| Jul 14, 2020 at 9:59 | comment | added | woodz | @dave_thompson_085: would you mind to put me to an appropriate resource? Coud you provide some cmd-line samples? Telling me of waste but not providing useful stuff.. What would you think it sounds to me? | |
| S Jul 14, 2020 at 7:05 | history | suggested | JW0914 | CC BY-SA 4.0 | Applied correct markdown ; Grammatical corrections |
| Jul 14, 2020 at 1:15 | review | Suggested edits | |||
| S Jul 14, 2020 at 7:05 | |||||
| Jul 14, 2020 at 0:52 | comment | added | dave_thompson_085 | openssl x509 -req completely ignores any extensions in CSR, so the work done in your step 3 to put SAN in CSR is wasted. OTOH openssl ca can use CSR extensions, though not by default, so if you used that and configured copy_extensions, putting SAN only in CSR (step 3) and not the signing operation (a different step 4) is sufficient. Multiple existing Qs have these correct. | |
| Jun 30, 2020 at 15:54 | history | edited | woodz | CC BY-SA 4.0 | added 64 characters in body |
| Jun 30, 2020 at 15:30 | vote | accept | woodz | ||
| Jun 30, 2020 at 15:30 | history | answered | woodz | CC BY-SA 4.0 |