Como herdar o commonName para o nome alternativo do assunto

Question

Use ${section::name}para ler variáveis previamente definidas.

Aqui está um exemplo que funciona:

[ req ]

prompt             = no
string_mask        = default

# The size of the keys in bits:
default_bits       = 2048
distinguished_name = req_dn
req_extensions     = req_ext

[ req_dn ]

# Or traditional org style:
countryName = gb
organizationName = example
commonName = acme.example.test

[ req_ext ]

subjectAltName = @alt_names

[alt_names]
DNS.1 = ${req_dn::commonName}
DNS.2 = alt.example.test

Seguido pela:

openssl req -nodes -new -keyout test.key -out test.csr -config ./openssl.cnf

Isto resulta em:

openssl req -noout -text -in test.csr

dando:

 ...
    Attributes:
    Requested Extensions:
        X509v3 Subject Alternative Name:
            DNS:acme.example.test, DNS:alt.example.test
Signature Algorithm: sha256WithRSAEncryption
     92:1c:e0:0e:6d:7d:2e:b4:64:c5:ab:ff:6a:37:dd:35:98:58:
 ...

Answer 1

Use ${section::name}para ler variáveis previamente definidas.

Aqui está um exemplo que funciona:

[ req ]

prompt             = no
string_mask        = default

# The size of the keys in bits:
default_bits       = 2048
distinguished_name = req_dn
req_extensions     = req_ext

[ req_dn ]

# Or traditional org style:
countryName = gb
organizationName = example
commonName = acme.example.test

[ req_ext ]

subjectAltName = @alt_names

[alt_names]
DNS.1 = ${req_dn::commonName}
DNS.2 = alt.example.test

Seguido pela:

openssl req -nodes -new -keyout test.key -out test.csr -config ./openssl.cnf

Isto resulta em:

openssl req -noout -text -in test.csr

dando:

 ...
    Attributes:
    Requested Extensions:
        X509v3 Subject Alternative Name:
            DNS:acme.example.test, DNS:alt.example.test
Signature Algorithm: sha256WithRSAEncryption
     92:1c:e0:0e:6d:7d:2e:b4:64:c5:ab:ff:6a:37:dd:35:98:58:
 ...

Como herdar o commonName para o nome alternativo do assunto

Responder1

informação relacionada