
Getting unable to find 'distinguished_name' in config when generating CSR


I want to generate a CSR with a SAN portion and keep getting the following error: unable to find 'distinguished_name' in config

As far as I can tell, the cnf is structured appropriately and is being called as well. Note that the CN value doesn't match the SAN; this is mandated by my organization.

Here is the content of my cnf file:

[me@server-5007749 ~]$ cat openssl.cnf
[ req ]
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
C = CA
0.OU = SSL
1.OU = Device
O = MyOrg
CN = 43546323
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = my_fqdn_here.ca

Here is the content of my shell script containing the command creating the CSR:

[me@server-5007749 ~]$ cat ssl.sh
export OPENSSL_CONF=/home/me
printenv OPENSSL_CONF
openssl req -new -key /opt/rh/httpd24/root/etc/httpd/certs/private.key -out site_csr.csr

Here is the output of my shell script:

[me@server-5007749 ~]$ ./ssl.sh
/home/me
unable to find 'distinguished_name' in config
problems making Certificate Request
140524933736336:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=req name=distinguished_name

Edit #1

I tried with a few different OpenSSL versions thinking I might get better results:

  • OpenSSL 1.0.2k-fips 26 Jan 2017 (RHEL default)
  • OpenSSL 1.1.1f 31 Mar 2020 (Cygwin)

Solution

  • OPENSSL_CONF is used to specify the location of the configuration file. Try this:

    export OPENSSL_CONF=/home/me/openssl.cnf
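
The failure and the fix above, as an added example that is not part of the original question or answer: a pre-flight check that rejects a config path which is a directory or lacks `distinguished_name` in `[ req ]`, followed by CSR generation with the file passed through `-config` (the same file `OPENSSL_CONF` would name) and a read-back of the SAN from the finished CSR. The function names, temporary paths, throwaway key, host name `host.example.test` and the `prompt = no` line are assumptions made for the example.

```shell
# Added example, not from the original post. Paths and host name are constructed.

# check_conf PATH: succeed only if PATH is a readable regular file whose
# [ req ] section sets distinguished_name (the lookup that failed above).
check_conf() {
    [ -d "$1" ] && { echo "$1: is a directory, not a config file" >&2; return 2; }
    [ -f "$1" ] && [ -r "$1" ] || { echo "$1: not a readable file" >&2; return 3; }
    awk '/^[ \t]*\[/ { s = $0; gsub(/[^A-Za-z0-9_]/, "", s); next }
         s == "req" && /^[ \t]*distinguished_name[ \t]*=/ { found = 1 }
         END { exit !found }' "$1" ||
        { echo "$1: no distinguished_name in [ req ]" >&2; return 4; }
}

# make_csr CONF KEY OUT: pass the config explicitly, then read the SAN back
# out of the CSR so it can be checked before the request is submitted.
make_csr() {
    check_conf "$1" || return
    openssl req -new -config "$1" -key "$2" -out "$3" || return
    openssl req -in "$3" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# write_conf FILE: constructed config; "prompt = no" is an assumption added
# here so that the subject is taken from the file without prompting.
write_conf() {
    cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
C  = CA
O  = MyOrg
CN = 43546323
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = host.example.test
EOF
}

if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d) && write_conf "$d/openssl.cnf" &&
        openssl genrsa -out "$d/private.key" 2048 2>/dev/null
    make_csr "$d" "$d/private.key" "$d/site.csr" || echo "directory rejected"
    make_csr "$d/openssl.cnf" "$d/private.key" "$d/site.csr"
    rm -rf "$d"
fi
```

An empty result from `make_csr` means the CSR was written without a Subject Alternative Name extension and should not be submitted as is.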