How can an ACF2 GENCERT command be done with a Subject Altname of an IP Address, Domain name, EMAIL, or URI?
The following examples show how to issue an ACF2 GENCERT command with a Subject Altname of an IP address or Domain name, EMAIL, or URI.
Example 1:
GENCERT CERTAUTH.suffix Subj(CN='cn name'
OU='Dept name' O='Company Name' C=xx) label(label name)
ALtname(IP=###.###.###.##)
CERTDATA / CERTAUTH.suffix LAST CHANGED BY USER001 ON 10/10/14-12:29
CERTNSER(0000000000000001) ISSUERDN(CN=cn name.OU=Dept name.O=
Company Name.C=xx) KEYSIZE(1,024) LABEL(label name) SERIAL#(00)
SUBJDN(CN=cn name.OU=Dept name.O=Company name.C=xx) TRUST
Certificate is not connected to any key rings
PROFILE
chkcert CERTAUTH.SUFFIX
Label:
Audit CA
Serial number:
00
Issuer's distinguished name:
CN=cn name
OU=Dept name
O=Company name
C=xx
Subject's distinguished name:
CN=cn name
OU=Dept name
O=Company name
C=xx
Subject's AltNames:
IP: ###.###.###.##
Key Usage:
CERTSIGN
Not valid before:
2014/10/10 00:00:00 UTC
Not valid after:
2015/10/10 23:59:59 UTC
Private Key Type:
RSA
Private key bit size:
1024
Signature Algorithm:
sha-1WithRSAEncryption
This certificate is registered with CA ACF2
The CERTDATA record key is CERTAUTH.SUFFIX
CERTDATA / CERTAUTH.SUFFIX LAST CHANGED BY USER001 ON 10/10/14-12:29
CERTNSER(0000000000000001) ISSUERDN(CN=cn name.OU=Dept name.O=
Company name.C=xx) KEYSIZE(1,024) LABEL(label name) SERIAL#(00)
SUBJDN(CN=cn name.OU=Dept name.O=Company name.C=xx) TRUST
Certificate is not connected to any key rings
Example 2:
GENCERT TEST01.cert Subj(CN='sys1.test.com' OU='test' C=US)
ALtname(DOMAIN=sys1.test.com ip=###.###.#.### [email protected] URI=http://example.com)
Label:
TEST01.CERT
Serial number:
00
Issuer's distinguished name:
CN=sys1.test.com
OU=test
C=US
Subject's distinguished name:
CN=test01 altname no label
OU=test
C=US
Subject's AltNames:
IP: ###.###.#.###
E-mail: [email protected]
Domain: sys1.test.com
URI: http://example.com
Not valid before:
2016/04/14 00:00:00 UTC
Not valid after:
2017/04/14 23:59:59 UTC
Private Key Type:
RSA
Private key bit size:
1024
Signature Algorithm:
sha-1WithRSAEncryption
This certificate is registered with CA ACF2
The CERTDATA record key is TEST01.CERT
CERTDATA / TEST01.CERT LAST CHANGED BY USER001 ON 04/14/16-11:04
CERTNSER(0000000000000001)
ISSUERDN(CN=test01 altname no label.OU=test.C=US)
KEYSIZE(1,024) LABEL(TEST01.CERT) SERIAL#(00)
SUBJDN(CN=test01 altname no label.OU=test.C=US) TRUST
Notes:
Details on the ACF GENCERT command can be found in ACF2 documentation section GENCERT Subcommand