Results 1 to 3 of 3

Thread: [SOLVED] No SubjectAltname in Commercial Certificate request (FOSS 5.0.1)

  1. #1
    riddles is offline Starter Member
    Join Date
    Jan 2008
    Posts
    2
    Rep Power
    7

    Default [SOLVED] No SubjectAltname in Commercial Certificate request (FOSS 5.0.1)

    I'm trying to create a certificate request with two subjectAltNames in it, but am failing. I'm trying to include both my internal (intranet) hostname and the external (internet) hostname in the certificate.
    The request looks like this:
    Code:
    [root@host bin]# ./zmcertmgr createcsr comm -new '/C=NL/L=City/O=Domain.com/CN=host.domain.lan' -subjectAltNames 'host.domain.lan,mail.domain.com'
    ** Generating a server csr for download comm -new /C=NL/L=City/O=Domain.com/CN=host.domain.lan -subjectAltNames host.domain.lan,mail.domain.com
    subj=/C=NL/L=City/O=Domain.com/CN=host.domain.lan
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080114111037
    ** Creating directory /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp
    ** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.
    But, the resulting csr does not include the subjectAltNames (it should be displayed under the certificate extensions - right?):
    Code:
    [root@tyr bin]# openssl req -in /opt/zimbra/ssl/zimbra/commercial/commercial.csr -noout -text
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: C=NL, L=City, O=Domain.com, CN=host.domain.lan
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:bb:b2:e5:16:85:d7:f0:71:f2:16:cd:74:74:7e:
                        0f:3b:e9:f5:33:10:32:c0:68:a1:16:2e:9c:cd:d6:
                        8c:20:05:33:cd:21:5e:ba:05:b6:0a:52:66:d9:0d:
                        bd:21:f4:0d:84:09:22:f1:72:83:a8:e7:60:f4:76:
                        2b:4d:ca:a3:dc:3d:2e:8a:99:87:c0:f2:58:dd:7a:
                        15:90:86:0e:fe:0f:d5:8a:fe:44:d9:e2:2e:f0:2d:
                        f4:f8:9c:db:77:67:94:55:ee:ce:d8:97:5c:53:ef:
                        ba:c0:23:4c:ae:d8:e7:a8:76:07:aa:04:ce:39:3d:
                        b3:5a:57:56:4b:eb:90:3d:63
                    Exponent: 65537 (0x10001)
            Attributes:
            Requested Extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                X509v3 Key Usage:
                    Digital Signature, Non Repudiation, Key Encipherment
        Signature Algorithm: sha1WithRSAEncryption
            9d:99:46:73:34:3e:97:5a:b9:72:d5:29:b4:1f:8b:e0:c3:b7:
            cc:27:a0:65:82:98:7a:f1:ea:72:ac:6b:46:5b:c2:45:f4:78:
            ca:be:0d:fe:ee:5d:0f:fb:55:1b:04:c8:4c:78:e0:46:47:d4:
            20:8f:49:75:3e:c4:42:af:88:5f:dc:03:17:21:7d:41:ba:af:
            07:d7:25:e3:b3:51:4a:a2:13:e2:23:14:16:fd:4b:cc:8e:78:
            8d:d1:88:af:9c:06:15:86:f4:67:4e:1f:d4:e9:2a:4d:9b:cc:
            19:da:bd:8c:1d:59:aa:8a:86:05:71:5f:32:30:e3:d8:35:d2:
            f5:d4
    What's going on here? What am I doing wrong?
    I tried this using the admin GUI, but the result is the same.

  2. #2
    brian is offline Project Contributor
    Join Date
    Jul 2006
    Posts
    623
    Rep Power
    10

    Default

    can you post the output of

    bash -x /opt/zimbra/bin/zmcertmgr createcsr comm -new '/C=NL/L=City/O=Domain.com/CN=host.domain.lan' -subjectAltNames 'host.domain.lan,mail.domain.com'
    The same command works okay on my system.
    root@build13:/opt/zimbra/ssl/zimbra/commercial# bash /opt/zimbra/bin/zmcertmgr createcsr comm -new '/C=NL/L=City/O=Domain.com/CN=host.domain.lan' -subjectAltNames 'host.domain.lan,mail.domain.com'
    ** Generating a server csr for download comm -new /C=NL/L=City/O=Domain.com/CN=host.domain.lan -subjectAltNames host.domain.lan,mail.domain.com
    subj=/C=NL/L=City/O=Domain.com/CN=host.domain.lan
    ** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080124094656
    ** Creating /opt/zimbra/conf/zmssl.cnf...done
    ** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.
    root@build13:/opt/zimbra/ssl/zimbra/commercial# !open
    openssl req -in commercial.csr -noout -text -subject
    Certificate Request:
    Data:
    Version: 0 (0x0)
    Subject: C=NL, L=City, O=Domain.com, CN=host.domain.lan
    Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (1024 bit)
    Modulus (1024 bit):
    00:e3:70:87:c8:81:92:2a:73:7f:c9:0e:7c:66:cf:
    1d:ef:42:b5:ca:9c:d5:1f:d2:3b:c5:b5:96:21:d8:
    3d:47:38:52:e8:66:c9:d5:85:fe:b3:c0:89:0b:33:
    b3:13:bf:c4:08:50:e2:c2:0f:d3:ba:a1:a5:4d:24:
    74:58:f9:61:61:b5:07:dd:ce:f0:2e:91:21:66:b8:
    b1:70:69:82:79:8c:49:1e:6a:e5:7c:f7:bf:d0:85:
    ec:9d:9b:52:ba:87:0c:ad:a5:b2:4a:b2:4f:1c:86:
    11:e8:2a:fa:e3:db:a6:09:bb:a2:83:9f:42:74:0f:
    5d:7a:2f:db:88:58:89:dd:5d
    Exponent: 65537 (0x10001)
    Attributes:
    Requested Extensions:
    X509v3 Basic Constraints:
    CA:FALSE
    X509v3 Key Usage:
    Digital Signature, Non Repudiation, Key Encipherment
    X509v3 Subject Alternative Name:
    DNS:build13.re.zimbra.com, DNS:host.domain.lan, DNS:mail.domain.com
    Signature Algorithm: sha1WithRSAEncryption
    db:56:41:b1:ea:3a:87:06:12:bf:a4:70:05:3c:db:dd:74 :10:
    11:7c:6a:d0:c0:54:eb:2c:29:29:9a:2f:ad:66:0a:61:6f :8c:
    55:11:c2:dc:0a:e8:a4:94:c5:01:de:61:64:83:f5:a7:18 :2f:
    7e:6a:aa:b0:34:05:b9:1c:58:1e:2a:f8:82:6f:03:35:0d :ce:
    b4:4a:46:7f:00:0b:98:f4:78:a3:97:ee:44:fb:0d:e7:7a :dd:
    1b:75:78:33:de:48:b8:3a:f9:7a:14:f1:eb:84:ae:4d:a4 :88:
    89:4f:53:03:a0:ac:77:c9:aa:e2:26:df:c0:a6:06:96:6a :cc:
    ac:4d
    subject=/C=NL/L=City/O=Domain.com/CN=host.domain.lan
    Bugzilla - Wiki - Downloads - Before posting... Search!

  3. #3
    riddles is offline Starter Member
    Join Date
    Jan 2008
    Posts
    2
    Rep Power
    7

    Default

    I did the exact same thing again and it worked this time. I have no idea what went wrong last time (and I tried this several times!). But, thanks anyway

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Install a commercial SSL certificate ??
    By nick20 in forum Installation
    Replies: 6
    Last Post: 06-23-2010, 03:08 AM
  2. Replies: 13
    Last Post: 01-15-2008, 08:35 PM
  3. Replies: 1
    Last Post: 11-05-2007, 06:55 PM
  4. Can not reach https://example.com:7017/zimbraAdmin
    By Max Ma in forum Installation
    Replies: 14
    Last Post: 03-31-2007, 09:14 AM
  5. Replies: 26
    Last Post: 02-12-2007, 07:23 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •