certificate with subjectAltName or wildcards

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oups, as it's your own CA, you may want to investigate wildcard 
certificates, also (FQDN: *.domain.com):

        http://web.archive.org/web/20071124072414/http://wp.netscape.com/eng/security/ssl_2.0_certificate.html

and search for the word encoding (ie. section *Subject Common Name).

Cdlt, Dave
------

*David (Dave) Donnan wrote:
> Hello. My two centimes worth.
>
> Although I use OpenSSL in test, I've never used altnames - sorry.
>
> In prod we use a comercial CA.  I find that if I want to use one or 
> more altname(s) I must also specify the FQDN in the list of altnames.
>
>         Common Name: *
>         wiki*.a.b
>         Alternate Name (DNS):*
>         wiki*.a.b*
>         wikisso*.a.b
>
> Cdlt, Dave
> ---
> John A. Sullivan III wrote:
>> On Tue, 2010-01-05 at 00:23 +0100, muzzol wrote: 
>>   
>>> 2010/1/4 Rich Megginson <rmeggins at redhat.com>:
>>>     
>>>> muzzol wrote:
>>>> Did you specify the FQDN with the -h argument?  What hostname did you give?
>>>>  The real hostname or the subjectAltName?
>>>>       
>>> i've used FQDN for CN and additional DNS entry for subjectAltName.
>>>
>>>
>>> anyway, i've found that i get a diferent cert when signing it with
>>> OpenSSL (openssl -req) and certutil (-C).
>>>
>>> i've created a sample CA with certutil and repeated all process. now i
>>> dont get that error anymore.
>>>
>>> is this a known behaviour? is there any limitations with
>>> subjectAltName and OpenSSL signing?
>>>
>>> anyone using OpenSSL to sign their DS certs?
>>>
>>>
>>>
>>>     
>> We are (via OpenCA) but we are also doing server side key generation -
>> John
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>   
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20100105/7f28a91a/attachment.html 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux