OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
(no subject)

From: Mathieu Sauve-Frankel (msfkisoku.net)
Date: Wed Mar 22 2006 - 17:42:43 CST

Bcc:
Subject: Re: certpatch on obsd 3.8
Reply-To: msfkisoku.net
In-Reply-To: <OF8816A2AA.1661A23D-ONC1257138.0057C648-C1257139.007BA8F8speedware.cz>

> i can use this (but without success :-( ):
>
> # openssl x509 -req -days 730 -in /etc/isakmpd/private/${new_cert}.csr -CA
> $CA_crt -CAkey $CA_key -CAcreateserial -extfile /etc/ssl/x509v3.cnf
> -extensions x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt
>
> with this in x509v3.cnf
> # default settings
> CERTUFQDN = "what i have to give there ??!!"
>
> [x509v3_UFQDN]
> subjectAltName=email:$ENV::CERTUFQDN

something like this

# env CERTUFQDN=namedomain.com openssl x509 -req -days 730 -in \
        /etc/isakmpd/private/${new_cert}.csr -CA $CA_crt -CAkey $CA_key \
        -CAcreateserial -extfile /etc/ssl/x509v3.cnf -extensions \
        x509v3_UFQDN -out /etc/isakmpd/certs/${new_cert}.crt

--
Mathieu Sauve-Frankel