Oops, as it's your own CA, you may want to investigate wildcard
certificates, also (FQDN: *.domain.com):

http://web.archive.org/web/20071124072414/http://wp.netscape.com/eng/security/ssl_2.0_certificate.html

and search for the word encoding (ie. section Subject Common Name).

Cdlt, Dave

------

David (Dave) Donnan wrote:
> Hello. My two centimes worth.
>
> Although I use OpenSSL in test, I've never used altnames - sorry.
>
> In prod we use a commercial CA. I find that if I want to use one or
> more altname(s) I must also specify the FQDN in the list of altnames.
>
> Common Name: *
> wiki*.a.b
> Alternate Name (DNS):*
> wiki*.a.b*
> wikisso*.a.b
>
> Cdlt, Dave
> ---
> John A. Sullivan III wrote:
>> On Tue, 2010-01-05 at 00:23 +0100, muzzol wrote:
>>
>>> 2010/1/4 Rich Megginson <rmeggins at redhat.com>:
>>>
>>>> muzzol wrote:
>>>> Did you specify the FQDN with the -h argument? What hostname did you give?
>>>> The real hostname or the subjectAltName?
>>>>
>>> i've used FQDN for CN and additional DNS entry for subjectAltName.
>>>
>>> anyway, i've found that i get a different cert when signing it with
>>> OpenSSL (openssl -req) and certutil (-C).
>>>
>>> i've created a sample CA with certutil and repeated all process. now i
>>> don't get that error anymore.
>>>
>>> is this a known behaviour? are there any limitations with
>>> subjectAltName and OpenSSL signing?
>>>
>>> anyone using OpenSSL to sign their DS certs?
>>>
>> We are (via OpenCA) but we are also doing server side key generation -
>> John
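Dave's observation that the FQDN has to be repeated in the altname list is consistent with the RFC 2818 / RFC 6125 matching rule: once a certificate carries any DNS subjectAltName entry, clients match the hostname against those entries only and never fall back to the CN. The following is an added example, not code from this thread or from 389 DS, NSS or OpenSSL; the hostnames under example.test are constructed and the function names are hypothetical.

```python
"""Hostname check per RFC 2818 / RFC 6125: DNS SAN entries override the CN."""


def _name_match(presented: str, host: str) -> bool:
    """Compare one certificate name with a hostname, label by label.

    Only a whole leftmost label "*" is treated as a wildcard, and it
    stands for exactly one label.
    """
    p = presented.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def hostname_matches(cn, san_dns, host):
    """Return (matched, field_used). The CN is consulted only without DNS SANs."""
    if san_dns:
        return any(_name_match(n, host) for n in san_dns), "subjectAltName"
    return _name_match(cn, host), "commonName"


def audit(cn, san_dns):
    """Flag a certificate whose CN is not also covered by its SAN list."""
    if san_dns and not any(_name_match(n, cn) for n in san_dns):
        return f"CN {cn!r} is not covered by any SAN entry"
    return "ok"


if __name__ == "__main__":
    # Constructed certificates: (CN, DNS SAN list)
    certs = [
        ("ds1.example.test", []),                                        # CN only
        ("ds1.example.test", ["ldap.example.test"]),                     # FQDN missing from SAN
        ("ds1.example.test", ["ds1.example.test", "ldap.example.test"]),
        ("*.example.test", ["*.example.test"]),                          # wildcard
    ]
    for cn, san in certs:
        ok, used = hostname_matches(cn, san, "ds1.example.test")
        print(f"CN={cn} SAN={san} -> match={ok} via {used}; audit: {audit(cn, san)}")
```

The second constructed certificate is the failing case: it verifies for ldap.example.test but not for the server's own FQDN.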