What is the correct configuration for otherName in SAN section of openSSL CNF?
I've searched all over to get the correct format to add the otherName SAN - with no luck. I'm trying to generate a client certificate to use with FreeRADIUS.
The following work as it relates to DNS and IP:
DNS.1 DNS.2 DNS.3 . . . IP.1 IP.2 IP.3
But the following generates an error:
otherName.1 = 1.3.6.1.4.1.311.20.2.3;UTF8:xxx otherName.2 = 1.3.6.1.4.1.311.20.2.3;UTF8:xxx otherName.3 = 1.3.6.1.4.1.311.20.2.3;UTF8:xxx
Here's the error that is generated:
Error checking request extension section req_ext 488E0000:error:11000093:X509 V3 routines:a2i_GENERAL_NAME:othername error:crypto\x509\v3_san.c:571: 488E0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:crypto\x509\v3_conf.c:48:section=req_ext, name=subjectAltName, value=@alt_names
Any help will be appreciated.
Thank you
