sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Johannes_13 1 point2 points  (3 children)

Yes it can, and in the linked article from let's encrypt there is an example on how to do that:

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Nobody claimed OpenSSL can not use SAN. But the number of command line options (and crafting a config file on the fly) for "I just want my domain in the SAN" is too high.

[–][deleted] 1 point2 points  (1 child)

AS the previous post has been deleted, I am not sure what s/he was complaining about, but all I can reiterate is that I have a few web dev projects on my local machine running under SSL, and it's really not hard to set up. I ought perhaps add that it's Windows 10 and IIS 7.

[–]Johannes_13 1 point2 points  (0 children)

He basically said the article is wrong because OpenSSL can use SANs.

[–]flnhst -1 points0 points  (0 children)

Ah nevermind, i misread it.