I'm trying to create a certificate request with two subjectAltNames in it, but am failing. I'm trying to include both my internal (intranet) hostname and the external (internet) hostname in the certificate.
The request looks like this:
Code:
[root@host bin]# ./zmcertmgr createcsr comm -new '/C=NL/L=City/O=Domain.com/CN=host.domain.lan' -subjectAltNames 'host.domain.lan,mail.domain.com'
** Generating a server csr for download comm -new /C=NL/L=City/O=Domain.com/CN=host.domain.lan -subjectAltNames host.domain.lan,mail.domain.com
subj=/C=NL/L=City/O=Domain.com/CN=host.domain.lan
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20080114111037
** Creating directory /opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp
** Creating server cert request /opt/zimbra/ssl/zimbra/commercial/commercial.csr...done.
But, the resulting csr does not include the subjectAltNames (it should be displayed under the certificate extensions - right?):
Code:
[root@tyr bin]# openssl req -in /opt/zimbra/ssl/zimbra/commercial/commercial.csr -noout -text
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: C=NL, L=City, O=Domain.com, CN=host.domain.lan
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:bb:b2:e5:16:85:d7:f0:71:f2:16:cd:74:74:7e:
                    0f:3b:e9:f5:33:10:32:c0:68:a1:16:2e:9c:cd:d6:
                    8c:20:05:33:cd:21:5e:ba:05:b6:0a:52:66:d9:0d:
                    bd:21:f4:0d:84:09:22:f1:72:83:a8:e7:60:f4:76:
                    2b:4d:ca:a3:dc:3d:2e:8a:99:87:c0:f2:58:dd:7a:
                    15:90:86:0e:fe:0f:d5:8a:fe:44:d9:e2:2e:f0:2d:
                    f4:f8:9c:db:77:67:94:55:ee:ce:d8:97:5c:53:ef:
                    ba:c0:23:4c:ae:d8:e7:a8:76:07:aa:04:ce:39:3d:
                    b3:5a:57:56:4b:eb:90:3d:63
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Non Repudiation, Key Encipherment
    Signature Algorithm: sha1WithRSAEncryption
        9d:99:46:73:34:3e:97:5a:b9:72:d5:29:b4:1f:8b:e0:c3:b7:
        cc:27:a0:65:82:98:7a:f1:ea:72:ac:6b:46:5b:c2:45:f4:78:
        ca:be:0d:fe:ee:5d:0f:fb:55:1b:04:c8:4c:78:e0:46:47:d4:
        20:8f:49:75:3e:c4:42:af:88:5f:dc:03:17:21:7d:41:ba:af:
        07:d7:25:e3:b3:51:4a:a2:13:e2:23:14:16:fd:4b:cc:8e:78:
        8d:d1:88:af:9c:06:15:86:f4:67:4e:1f:d4:e9:2a:4d:9b:cc:
        19:da:bd:8c:1d:59:aa:8a:86:05:71:5f:32:30:e3:d8:35:d2:
        f5:d4
What's going on here? What am I doing wrong?
I tried this using the admin GUI, but the result is the same.