Re: OK Let me try again

Home Page Forums Network Management Request a new feature subjectAltName Re: OK Let me try again

#52070

gordonf
Member

I see I didn’t make much sense there.

I run my own certificate authority, using Windows Server granted, but I’ve done the same thing in OpenSSL. When a certificate authority signs a CSR to generate a cert, they can add details that the original CSR requester didn’t ask for, including alternative names. I don’t use self-signed certs if I can help it, preferring to use an in-house CA. I also don’t remember any CSR generator that lets one request SAN attributes.

OK, Cisco IOS can do it, but my experience is both OpenSSL and Windows Cert Services ignores it. I’ve had to specify SAN attributes when signing the CSRs coming from that.

Were you asking for Zeroshell to be able to create a self-signed certificate with SAN attributes added? I’m finding plenty of examples for IIS6 and IIS7 but not for what Zeroshell uses as a web server. But you could set up an in-house CA with OpenSSL or Certificate Services and make up SAN certs in the meantime, until Zeroshell gets the feature.