[SOLVED] No SubjectAltname in Commercial Certificate request (FOSS 5.0.1)

[riddles]

I'm trying to create a certificate request with two subjectAltNames in it, but am failing. I'm trying to include both my internal (intranet) hostname and the external (internet) hostname in the certificate.
The request looks like this:

Code:

[root@host bin]# ./zmcertmgr createcsr comm -new '/C=NL/L=City/O=Domain.com/CN=host.domain.lan' -subjectAltNames 'host.domain.lan,mail.domain.com'
** Generating a server csr for download comm -new /C=NL/L=City/O=Domain.com/CN=host.domain.lan -subjectAltNames host.domain.lan,mail.domain.com
subj=/C=NL/L=City/O=Domain.com/CN=host.domain.lan
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080114111037
** Creating directory /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp
** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.

But, the resulting csr does not include the subjectAltNames (it should be displayed under the certificate extensions - right?):

Code:

[root@tyr bin]# openssl req -in /opt/zimbra/ssl/zimbra/commercial/commercial.csr -noout -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=NL, L=City, O=Domain.com, CN=host.domain.lan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:bb:b2:e5:16:85:d7:f0:71:f2:16:cd:74:74:7e:
                    0f:3b:e9:f5:33:10:32:c0:68:a1:16:2e:9c:cd:d6:
                    8c:20:05:33:cd:21:5e:ba:05:b6:0a:52:66:d9:0d:
                    bd:21:f4:0d:84:09:22:f1:72:83:a8:e7:60:f4:76:
                    2b:4d:ca:a3:dc:3d:2e:8a:99:87:c0:f2:58:dd:7a:
                    15:90:86:0e:fe:0f:d5:8a:fe:44:d9:e2:2e:f0:2d:
                    f4:f8:9c:db:77:67:94:55:ee:ce:d8:97:5c:53:ef:
                    ba:c0:23:4c:ae:d8:e7:a8:76:07:aa:04:ce:39:3d:
                    b3:5a:57:56:4b:eb:90:3d:63
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: sha1WithRSAEncryption
        9d:99:46:73:34:3e:97:5a:b9:72:d5:29:b4:1f:8b:e0:c3:b7:
        cc:27:a0:65:82:98:7a:f1:ea:72:ac:6b:46:5b:c2:45:f4:78:
        ca:be:0d:fe:ee:5d:0f:fb:55:1b:04:c8:4c:78:e0:46:47:d4:
        20:8f:49:75:3e:c4:42:af:88:5f:dc:03:17:21:7d:41:ba:af:
        07:d7:25:e3:b3:51:4a:a2:13:e2:23:14:16:fd:4b:cc:8e:78:
        8d:d1:88:af:9c:06:15:86:f4:67:4e:1f:d4:e9:2a:4d:9b:cc:
        19:da:bd:8c:1d:59:aa:8a:86:05:71:5f:32:30:e3:d8:35:d2:
        f5:d4

What's going on here? What am I doing wrong?
I tried this using the admin GUI, but the result is the same.

[brian]

can you post the output of

Quote:

bash -x /opt/zimbra/bin/zmcertmgr createcsr comm -new '/C=NL/L=City/O=Domain.com/CN=host.domain.lan' -subjectAltNames 'host.domain.lan,mail.domain.com'

The same command works okay on my system.

Quote:

root@build13:/opt/zimbra/ssl/zimbra/commercial# bash /opt/zimbra/bin/zmcertmgr createcsr comm -new '/C=NL/L=City/O=Domain.com/CN=host.domain.lan' -subjectAltNames 'host.domain.lan,mail.domain.com'
** Generating a server csr for download comm -new /C=NL/L=City/O=Domain.com/CN=host.domain.lan -subjectAltNames host.domain.lan,mail.domain.com
subj=/C=NL/L=City/O=Domain.com/CN=host.domain.lan
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080124094656
** Creating /opt/zimbra/conf/zmssl.cnf...done
** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.
root@build13:/opt/zimbra/ssl/zimbra/commercial# !open
openssl req -in commercial.csr -noout -text -subject
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=NL, L=City, O=Domain.com, CN=host.domain.lan
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:e3:70:87:c8:81:92:2a:73:7f:c9:0e:7c:66:cf:
1d:ef:42:b5:ca:9c:d5:1f:d2:3b:c5:b5:96:21:d8:
3d:47:38:52:e8:66:c9:d5:85:fe:b3:c0:89:0b:33:
b3:13:bf:c4:08:50:e2:c2:0f:d3:ba:a1:a5:4d:24:
74:58:f9:61:61:b5:07:dd:ce:f0:2e:91:21:66:b8:
b1:70:69:82:79:8c:49:1e:6a:e5:7c:f7:bf:d0:85:
ec:9d:9b:52:ba:87:0c:ad:a5:b2:4a:b2:4f:1c:86:
11:e8:2a:fa:e3:db:a6:09:bb:a2:83:9f:42:74:0f:
5d:7a:2f:db:88:58:89:dd:5d
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:build13.re.zimbra.com, DNS:host.domain.lan, DNS:mail.domain.com
Signature Algorithm: sha1WithRSAEncryption
db:56:41:b1:ea:3a:87:06:12:bf:a4:70:05:3c:db:dd:74 :10:
11:7c:6a:d0:c0:54:eb:2c:29:29:9a:2f:ad:66:0a:61:6f :8c:
55:11:c2:dc:0a:e8:a4:94:c5:01:de:61:64:83:f5:a7:18 :2f:
7e:6a:aa:b0:34:05:b9:1c:58:1e:2a:f8:82:6f:03:35:0d :ce:
b4:4a:46:7f:00:0b:98:f4:78:a3:97:ee:44:fb:0d:e7:7a :dd:
1b:75:78:33:de:48:b8:3a:f9:7a:14:f1:eb:84:ae:4d:a4 :88:
89:4f:53:03:a0:ac:77:c9:aa:e2:26:df:c0:a6:06:96:6a :cc:
ac:4d
subject=/C=NL/L=City/O=Domain.com/CN=host.domain.lan

[riddles]

I did the exact same thing again and it worked this time. I have no idea what went wrong last time (and I tried this several times!). But, thanks anyway