On Tue, 2010-01-05 at 00:23 +0100, muzzol wrote: > 2010/1/4 Rich Megginson <rmeggins at redhat.com>: > > muzzol wrote: > > Did you specify the FQDN with the -h argument? What hostname did you give? > > The real hostname or the subjectAltName? > > i've used FQDN for CN and additional DNS entry for subjectAltName. > > > anyway, i've found that i get a diferent cert when signing it with > OpenSSL (openssl -req) and certutil (-C). > > i've created a sample CA with certutil and repeated all process. now i > dont get that error anymore. > > is this a known behaviour? is there any limitations with > subjectAltName and OpenSSL signing? > > anyone using OpenSSL to sign their DS certs? > > > We are (via OpenCA) but we are also doing server side key generation - John
