BowerStudios.com

Using SSL with an IP address instead of DNS

daniel —Mon, 09/10/2012 - 3:49pm

  • Linux
  • Security

Useful Background links:

  • SSLHandshakeException: No subject alternative names present
  • How are SSL certificate server names resolved/Can I add alternative names using keytool?
  • Keytool manual
  • xinotes.org - Using OpenSSL to add Subject Alternative Names to a certificate

We'll build off of this earlier post about creating a self-signed cert and the Subject Alternative Names link above from xinotes.org.

We'll be changing only two commands from the earlier walkthrough.

This:

Create the certificate signing request:
    openssl req -new -key server.key -out server.csr
becomes:
    openssl req -new -key server.key -out server.csr -config openssl.cnf

and this:

Sign the certificate signing request, and generate the certificate:
    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
becomes:
    openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt -extensions v3_req -extfile openssl.cnf

We'll also need to add a config file. Copy your operating system's openssl.cnf (on Ubuntu it is in /etc/ssl) to your working directory, and make a couple of tweaks to it. We need to do this because the openssl tool will not prompt for these attributes, so the entries have to be made directly in the config file. Editing a copy in the working directory keeps them from propagating to every other cert we make.

I'll just note the changes that need to be made to the Ubuntu openssl.cnf. Slightly more info can be found at the xinotes.org link.

  1. Uncomment (by removing the hash mark)
    req_extensions = v3_req # The extensions to add to a certificate request
  2. Modify the v3_req section as follows:
    [ v3_req ]
    subjectAltName = @alt_names
    # Extensions to add to a certificate request
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    [alt_names]
    IP.1 = 192.168.1.2
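
The whole procedure as one script, followed by a check that the issued certificate really carries the IP entry. This is an added example, not part of the original post. It assumes a minimal hand-written openssl.cnf instead of the copied system file, a constructed CN (lab-server), and hypothetical function names. It also signs the same request without -extensions/-extfile to show that the alternative name is then missing from the certificate.

```shell
#!/bin/sh
# Added example (not from the original post). CN and file names are constructed.

# make_ip_cert DIR IP: writes DIR/server.crt (signed with the extension file)
# and DIR/no_san.crt (signed without it) for comparison.
make_ip_cert() {
    dir=$1; ip=$2
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = req_dn
req_extensions = v3_req
prompt = no

[ req_dn ]
CN = lab-server

[ v3_req ]
subjectAltName = @alt_names
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment

[ alt_names ]
IP.1 = $ip
EOF
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
        -config "$dir/openssl.cnf" &&
    # The post's signing command: extensions are read from the config file.
    openssl x509 -req -days 3650 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" \
        -extensions v3_req -extfile "$dir/openssl.cnf" 2>/dev/null &&
    # Same CSR signed without -extensions/-extfile: the SAN is not copied.
    openssl x509 -req -days 3650 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/no_san.crt" 2>/dev/null
}

# cert_has_ip CERT IP: exit 0 only if the certificate is valid for that IP.
cert_has_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match certificate'
}

work=$(mktemp -d)
make_ip_cert "$work" 192.168.1.2
for crt in server.crt no_san.crt; do
    if cert_has_ip "$work/$crt" 192.168.1.2; then echo "$crt: IP SAN present"
    else echo "$crt: IP SAN missing"; fi
done
rm -rf "$work"
```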

Comments

Valid Alternative method

Submitted by daniel on Wed, 08/26/2015 - 9:23am

From: jww on stackoverflow


Copyright 2021 Daniel Bower