ACF2 GENCERT a digital certificate with an altname
Article ID: 28454
Updated On:
Products
Issue/Introduction
How can an ACF2 GENCERT command be done with a Subject Altname of an IP Address, Domain name, EMAIL, or URI?
Resolution
The following examples show how to issue an ACF2 GENCERT command with a Subject Altname of an IP address or Domain name, EMAIL, or URI.
Example 1:
GENCERT CERTAUTH.suffix Subj(CN='cn name'
OU='Dept name' O='Company Name' C=xx) label(label name)
ALtname(IP=###.###.###.##)
CERTDATA / CERTAUTH.suffix LAST CHANGED BY USER001 ON 10/10/14-12:29
CERTNSER(0000000000000001) ISSUERDN(CN=cn name.OU=Dept name.O=
Company Name.C=xx) KEYSIZE(1,024) LABEL(label name) SERIAL#(00)
SUBJDN(CN=cn name.OU=Dept name.O=Company name.C=xx) TRUST
Certificate is not connected to any key rings
PROFILE
chkcert CERTAUTH.SUFFIX
Label:
Audit CA
Serial number:
00
Issuer's distinguished name:
CN=cn name
OU=Dept name
O=Company name
C=xx
Subject's distinguished name:
CN=cn name
OU=Dept name
O=Company name
C=xx
Subject's AltNames:
IP: ###.###.###.##
Key Usage:
CERTSIGN
Not valid before:
2014/10/10 00:00:00 UTC
Not valid after:
2015/10/10 23:59:59 UTC
Private Key Type:
RSA
Private key bit size:
1024
Signature Algorithm:
sha-1WithRSAEncryption
This certificate is registered with CA ACF2
The CERTDATA record key is CERTAUTH.SUFFIX
CERTDATA / CERTAUTH.SUFFIX LAST CHANGED BY USER001 ON 10/10/14-12:29
CERTNSER(0000000000000001) ISSUERDN(CN=cn name.OU=Dept name.O=
Company name.C=xx) KEYSIZE(1,024) LABEL(label name) SERIAL#(00)
SUBJDN(CN=cn name.OU=Dept name.O=Company name.C=xx) TRUST
Certificate is not connected to any key rings
Example 2:
GENCERT TEST01.cert Subj(CN='sys1.test.com' OU='test' C=US)
ALtname(DOMAIN=sys1.test.com ip=###.###.#.### [email protected] URI=http://example.com)
Label:
TEST01.CERT
Serial number:
00
Issuer's distinguished name:
CN=sys1.test.com
OU=test
C=US
Subject's distinguished name:
CN=test01 altname no label
OU=test
C=US
Subject's AltNames:
IP: ###.###.#.###
E-mail: [email protected]
Domain: sys1.test.com
URI: http://example.com
Not valid before:
2016/04/14 00:00:00 UTC
Not valid after:
2017/04/14 23:59:59 UTC
Private Key Type:
RSA
Private key bit size:
1024
Signature Algorithm:
sha-1WithRSAEncryption
This certificate is registered with CA ACF2
The CERTDATA record key is TEST01.CERT
CERTDATA / TEST01.CERT LAST CHANGED BY USER001 ON 04/14/16-11:04
CERTNSER(0000000000000001)
ISSUERDN(CN=test01 altname no label.OU=test.C=US)
KEYSIZE(1,024) LABEL(TEST01.CERT) SERIAL#(00)
SUBJDN(CN=test01 altname no label.OU=test.C=US) TRUST
Notes:
- The ACF2 GENCERT command supports the ALtname parameter which specifies the IP, DOMAIN, EMAIL, or URI values for the subjectAltName extension. One or more of the values can be specified however multiple entries of the same type are not supported, for example two DOMAIN or two IP values cannot be specified but one DOMAIN, one IP, one EMAIL and one URI value can be specified in the ALTNAME parameter.
- The correct separator character to use within the ALTNAME parameters IP, DOMAIN, EMAIL, or URI of GENCERT is a blank.
Additional Information
Details on the ACF GENCERT command can be found in ACF2 documentation section GENCERT Subcommand
Feedback
