kingcdavid
commented
1 year ago I think this is an error with the input, the error is saying you need to put a SAN (dnsnaems) in the request i.e.
./hvclient --commonname example.com -dnsnames example.com -csr csr.pem
First generate a private key: openssl genrsa -out ./private.key 2048
Then use hvclient to create a CSR: ./hvclient -privatekey ./private.key --commonname example.com -csrout csr.pem > csr.pem
Then we can look at the CSR, (this is optional) openssl req -in csr.pem -text
We can then issue a cert hvclient -commonname Demo_cert -csr csr.pem | openssl x509 -req -extfile <(printf "subjectAltName=DNS:pki.atlasqa.co.uk") -text -signkey test.key -out certificate.crt
Got below error: hvclient: couldn't obtain certificate: 422: san.dns_names: has to have between 1 and 2 items 139781497472320:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: CERTIFICATE REQUEST