Creating a Certificate With Multiple Hostnames

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Emmanuel BILLOT a ?crit :
> lambam80 at hotmail.com a ?crit :
>> Wildcard certificates may still work.
>>  
>> Netscape unfortunately yanked their pages on the subject so my legacy 
>> Bookmarks can't help you.
>>  
>> I'm not sure if the CMS is able to create them, however, the page I 
>> remember related to the Netscape
>> Enterprise (read: Web) server.
>>  
>> However, I have found a reference:
>>  
>> https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html
>
> Ok found how to check my csr
>
> # openssl req -text -noout -in cert.csr
> Certificate Request:
>    Data:
>        Version: 0 (0x0)
>        Subject: C=FR, L=toutou, O=IRD, OU=DSI, CN=gaia.toutou.fr
>        Subject Public Key Info:
>            Public Key Algorithm: rsaEncryption
>            RSA Public Key: (1024 bit)
>                Modulus (1024 bit):
>                    00:b6:c2:60:30:e0:52:bc:49:52:72:c7:16:68:b3:
>                    66:3f:34:4b:7a:cf:3b:da:58:07:e1:10:ec:14:8b:
>                    42:10:89:f1:b7:53:fd:7a:cb:9e:b6:de:bb:61:13:
>                    16:11:91:be:49:c1:75:50:22:40:25:a8:ae:bd:3a:
>                    7b:75:90:2f:1c:33:57:ca:f0:c8:01:c9:0d:8b:56:
>                    80:6e:c1:46:9f:b4:dc:e4:9b:1f:bd:31:be:c9:1d:
>                    bf:63:d9:05:14:5a:bf:6e:f5:31:64:6c:14:c0:27:
>                    ae:7e:0f:7c:fa:e0:5c:f5:c2:4a:a2:ef:a9:f2:22:
>                    f7:7a:27:0a:63:c6:4f:27:75
>                Exponent: 65537 (0x10001)
>        Attributes:
>        Requested Extensions:
>            X509v3 Subject Alternative Name:
>                DNS:waren.toutou.fr
>    Signature Algorithm: sha1WithRSAEncryption
>        6b:9f:cd:9c:06:4b:68:c0:8b:95:93:ca:b6:8d:da:be:64:84:
>        0d:9d:03:8e:50:0b:0f:07:d7:0f:8a:8f:0f:11:d4:09:de:59:
>        32:dd:95:6a:c0:30:0d:a9:d2:71:76:d7:b6:c0:8f:57:03:fb:
>        be:0f:e3:62:16:e2:39:1f:9c:15:f0:84:ba:6a:57:f7:a8:9b:
>        e4:5a:60:3e:b5:b7:a3:79:ca:11:e0:95:50:fd:ee:56:e2:05:
>        df:8d:ac:0e:f5:e3:31:a7:ea:d3:6e:7a:57:e7:67:fd:11:94:
>        58:72:cb:ee:f2:64:89:82:e2:b5:a9:8a:ea:a6:b7:1f:b7:84:
>        2c:60
>
> So it seems that the CA does not recognize the DNS x509_v3 option.
>
> How can i know it ?  
Actually, CA does not recognize the DNS x509_v3 option. I had to use the

copy_extensions = copy

option in the openssl.cnf to activate it.
Now i can use multiple hostname certs with FDS.

-- 
==========================================
Emmanuel BILLOT
IRD - Orl?ans
D?l?gation aux Syst?mes d'Information (DSI)
t?l : 02 38 49 95 88
==========================================
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux