Hacker News new | ask | show | jobs
by prdonahue 3010 days ago
Most CAs ignore the subjectAltName extension when parsing CSRs (as it's a pain[1] for users to generate one properly). They just extract the public key, CN, and let you fill in SANs.

1 - Before Cloudflare I used to do this with OpenSSL and it requires half a dozen steps, but with cfssl you can do this quite easily: https://github.com/cloudflare/cfssl/wiki/Creating-a-new-CSR.
1 comments
silverwind 3010 days ago
You can generate SAN CSRs with a openssl one-liner, not that hard.
link
prdonahue 3010 days ago
With a default install/config? Do tell.
link