Hello.

My two centimes worth. Although I use OpenSSL in test, I've never used altnames - sorry. In prod we use a commercial CA. I find that if I want to use one or more altname(s) I must also specify the FQDN in the list of altnames.

Common Name: * wiki*.a.b
Alternate Name (DNS):* wiki*.a.b* wikisso*.a.b

Regards,
Dave
---

John A. Sullivan III wrote:
> On Tue, 2010-01-05 at 00:23 +0100, muzzol wrote:
>
>> 2010/1/4 Rich Megginson <rmeggins at redhat.com>:
>>
>>> muzzol wrote:
>>> Did you specify the FQDN with the -h argument? What hostname did you give?
>>> The real hostname or the subjectAltName?
>>>
>> I've used FQDN for CN and additional DNS entry for subjectAltName.
>>
>>
>> anyway, I've found that I get a different cert when signing it with
>> OpenSSL (openssl -req) and certutil (-C).
>>
>> I've created a sample CA with certutil and repeated all process. now I
>> don't get that error anymore.
>>
>> is this a known behaviour? are there any limitations with
>> subjectAltName and OpenSSL signing?
>>
>> anyone using OpenSSL to sign their DS certs?
>>
>>
> We are (via OpenCA) but we are also doing server side key generation - John
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
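The name-matching rule behind this thread, as an added example that is not part of any poster's message: a client following RFC 2818 / RFC 6125 stops consulting the Common Name once the certificate carries a DNS subjectAltName, so a server FQDN that appears only in the CN no longer matches. The hostnames and the helper names (`dns_match`, `names_checked`, `hostname_ok`, `missing_cn_in_san`) are constructed for illustration; the certificate dicts are shaped like the output of Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example. Certificate dicts mimic ssl.SSLSocket.getpeercert(); all
# hostnames are constructed (example.test) and the helper names are hypothetical.

def dns_match(pattern, host):
    """Case-insensitive compare; '*' only counts as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def subject_cns(cert):
    """All commonName values in the subject (a tuple of RDNs of (key, value) pairs)."""
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def names_checked(cert):
    """Return (field, names) that an RFC 2818 / RFC 6125 client consults."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return "subjectAltName", sans  # CN is not consulted once a DNS SAN exists
    return "commonName", subject_cns(cert)

def hostname_ok(cert, host):
    """True if the host matches one of the names the client actually checks."""
    return any(dns_match(n, host) for n in names_checked(cert)[1])

def missing_cn_in_san(cert):
    """Pre-issuance lint: CNs that the DNS SAN list fails to cover."""
    field, names = names_checked(cert)
    if field != "subjectAltName":
        return []
    return [cn for cn in subject_cns(cert) if not any(dns_match(n, cn) for n in names)]

SUBJECT = ((("commonName", "ldap1.example.test"),),)
CN_ONLY = {"subject": SUBJECT}
ALIAS_ONLY_SAN = {"subject": SUBJECT,
                  "subjectAltName": (("DNS", "ldap.example.test"),)}
FQDN_IN_SAN = {"subject": SUBJECT,
               "subjectAltName": (("DNS", "ldap1.example.test"), ("DNS", "ldap.example.test"))}

if __name__ == "__main__":
    for label, cert in [("CN only", CN_ONLY), ("alias-only SAN", ALIAS_ONLY_SAN),
                        ("FQDN in SAN", FQDN_IN_SAN)]:
        print(label, names_checked(cert)[0],
              hostname_ok(cert, "ldap1.example.test"), missing_cn_in_san(cert))
```

Running `missing_cn_in_san` over a certificate request before it is signed catches the alias-only case while it is still cheap to reissue.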