subjectAltName + sign uploaded CSRs #2
Description
In the environment I'm using phpki, it would be great for me to have these two features:
- Multiple Domains Extension (subjectAltName)
- Signing of uploaded CSRs
Example: I have a base-domain 'domain.tld' and I am running different services, like a redmine via Apache/Passenger and an XMPP-server. For convenience these services are available at different aliases, like xmpp.domain.tld, jabber.domain.tld, chat.domain.tld. I could create a wildcard-cert now, but I would like to have different certs per service and I don't want wildcard-certs. For that case, "subjectAltName" is very useful. By managing the CA by hand I create an extensions-file with the following content:
```
[ extension_section ]
subjectAltName = @alt_name_section
[ alt_name_section ]
DNS.1 = alt1.domain.tld
DNS.2 = alt2.domain.tld
DNS.3 = alt3.domain.tld
```
When signing, the following options are added:
```
openssl ... -extfile path/to/extensions.file -extensions extension_section
```
The signing of uploaded CSRs would be very useful. I have a zimbra-server running and the SSL-assistant only supports self-signed, creating a csr for a ca or installing a certificate retrieved from the created csr. This is bad design by zimbra, but apart from solving that problem for me, I think it would be useful for other situations.
What do you think about these two features?
I already looked at the code and I think it's not that much work. I even would contribute the code, but I'm currently so short of time 8o/
If you like it, but can't do it yourself, I might get it done, either by myself or someone having some time for it.
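
The two requested features combined, as an added example that is not part of the issue or of phpki's code: it generates the extensions file shown above from a list of names, validating each one first, and signs an uploaded CSR with it. It assumes `openssl x509 -req` as the signing command (the issue elides the command as `openssl ...`); the function names and file names are hypothetical.

```shell
# Added example; helper and file names are assumptions, not phpki code.

# Write the extensions file. The names would come from a web form, so refuse
# anything but plain hostnames: wildcards, spaces, newlines, '=' or '[' must
# not reach the OpenSSL config.
write_san_extfile() {
    _out=$1; shift
    [ "$#" -gt 0 ] || { echo "no names given" >&2; return 1; }
    for _n in "$@"; do
        case $_n in
            ''|.*|*.|*..*|-*|*-|*.-*|*-.*|*[!A-Za-z0-9.-]*)
                echo "rejected name: $_n" >&2; return 1 ;;
            *.*) ;;
            *) echo "not fully qualified: $_n" >&2; return 1 ;;
        esac
    done
    _i=1
    {
        echo '[ extension_section ]'
        echo 'subjectAltName = @alt_name_section'
        echo '[ alt_name_section ]'
        for _n in "$@"; do echo "DNS.$_i = $_n"; _i=$((_i + 1)); done
    } > "$_out"
}

# Sign an uploaded CSR. By default "openssl x509 -req" copies no extensions
# from the CSR, so the certificate carries only the names in the extfile.
sign_csr_with_sans() {   # args: csr ca_cert ca_key extfile out_cert
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 365 -sha256 -extfile "$4" -extensions extension_section \
        -out "$5" 2>/dev/null
}

# End-to-end run with a throwaway CA and CSR (constructed test material);
# prints the DNS names found in the issued certificate.
demo_issue() {
    _d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Demo CA' \
        -keyout "$_d/ca.key" -out "$_d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=xmpp.domain.tld' \
        -keyout "$_d/srv.key" -out "$_d/srv.csr" 2>/dev/null &&
    write_san_extfile "$_d/ext.cnf" "$@" &&
    sign_csr_with_sans "$_d/srv.csr" "$_d/ca.crt" "$_d/ca.key" \
        "$_d/ext.cnf" "$_d/srv.crt" &&
    openssl x509 -in "$_d/srv.crt" -noout -text | grep 'DNS:'
    _rc=$?; rm -rf "$_d"; return $_rc
}
```

Running `demo_issue xmpp.domain.tld jabber.domain.tld chat.domain.tld` issues one certificate covering the three aliases from the issue's example.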