Search

Chapter 20. SubjectAltNameExt (Adding the Subject Alternative Name Extension to a Request)

download PDF
The GenSubjectAltNameExt creates a base-64 encoded blob to add the alternate subject name extension, SubjectAltNameExt (OID 2.5.29.17), to the new certificate. This blob is pasted into the certificate approval page when the certificate is created.

20.1. Syntax

The GenSubjectAltNameExt tool uses parameter pairs where the first parameter specifies the type of name format, and the second parameter gives that name in the specified format.
This tool has the following syntax:

GenSubjectAltNameExt general_type# ... general_name# ...

Parameter Description
general_type Sets the type of name that is used. This can be any of the following strings:
  • RFC822Name
  • DNSName
  • EDIPartyName
  • URIName
  • IPAddressName
  • OIDName
  • X500Name
general_name A string, conforming to the specified format, of the subject name.
  • For RFC822Name, the value must be a valid Internet mail address. For example, testCA@example.com.
  • For DNSName, the value must be a valid fully-qualified domain name. For example, testCA.example.com.
  • For EDIPartyName, the value must be an IA5String. For example, Example Corporation.
  • For URIName, the value must be a non-relative URI following the URL syntax and encoding rules. The name must include both a scheme, such as http, and a fully qualified domain name or IP address of the host. For example, http://testCA.example.com.
  • For IPAddressName, the value must be a valid IP address. An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, 128.21.39.40 or 128.21.39.40,255.255.255.00. An IPv6 address uses a 128-bit namespace, with the IPv6 address separated by colons and the netmask separated by periods. For example, 0:0:0:0:0:0:13.1.68.3, FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.0, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.
  • For OIDName, the value must be a unique, valid OID specified in dot-separated numeric component notation. For example, 1.2.3.4.55.6.5.99.
  • For X500Name, the value must be a string form of X.500 name, similar to the subject name in a certificate. For example, cn=SubCA, ou=Research Dept, o=Example Corporation, c=US.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.