Document how to add a Subject Alternative Name (SAN).

Author: millert

docs/sudo_logsrvd.man.in

@@ -222,6 +222,9 @@ certificate             = $dir/cacert.pem
 new_certs_dir           = $dir/newcerts
 serial                  = $dir/serial
 
+# Copy extension from the csr to the cert
+copy_extensions         = copy
+
 # CA policy if you don't have one defined already.
 policy			= policy_loose
 
@@ -361,6 +364,21 @@ An optional company name []:
 .RE
 .fi
 .PP
+To add additional DNS names (or IP addresses) to the request, set
+the Subject Alternative Name (SAN) by adding the something like
+the following to the above command.
+.nf
+.sp
+.RS 4n
+-addext 'subjectAltName = DNS:other.example.com, IP:192.168.10.10'
+.RE
+.fi
+.PP
+You may include zero or more DNS and IP entries, separated by a comma.
+This will only work if
+\fRcopy_extensions\fR
+has been enabled in the CA configuration.
+.PP
 Now sign the CSR that was just created:
 .nf
 .sp

docs/sudo_logsrvd.mdoc.in

@@ -204,6 +204,9 @@ certificate             = $dir/cacert.pem
 new_certs_dir           = $dir/newcerts
 serial                  = $dir/serial
 
+# Copy extension from the csr to the cert
+copy_extensions         = copy
+
 # CA policy if you don't have one defined already.
 policy			= policy_loose
 
@@ -327,6 +330,18 @@ A challenge password []:
 An optional company name []:
 .Ed
 .Pp
+To add additional DNS names (or IP addresses) to the request, set
+the Subject Alternative Name (SAN) by adding the something like
+the following to the above command.
+.Bd -literal -offset 4n
+-addext 'subjectAltName = DNS:other.example.com, IP:192.168.10.10'
+.Ed
+.Pp
+You may include zero or more DNS and IP entries, separated by a comma.
+This will only work if
+.Li copy_extensions
+has been enabled in the CA configuration.
+.Pp
 Now sign the CSR that was just created:
 .Bd -literal -offset 4n
 # openssl ca -config openssl.cnf -days 375 -notext -md sha256 \e