Re: Creating a Certificate With Multiple Hostnames

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Emmanuel BILLOT a écrit :

lambam80@xxxxxxxxxxx a écrit :

Wildcard certificates may still work.
Netscape unfortunately yanked their pages on the subject so my legacy Bookmarks can't help you. I'm not sure if the CMS is able to create them, however, the page I remember related to the Netscape 
Enterprise (read: Web) server.
However, I have found a reference: https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html 

Ok found how to check my csr

# openssl req -text -noout -in cert.csr
Certificate Request:
   Data:
       Version: 0 (0x0)
       Subject: C=FR, L=toutou, O=IRD, OU=DSI, CN=gaia.toutou.fr
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
           RSA Public Key: (1024 bit)
               Modulus (1024 bit):
                   00:b6:c2:60:30:e0:52:bc:49:52:72:c7:16:68:b3:
                   66:3f:34:4b:7a:cf:3b:da:58:07:e1:10:ec:14:8b:
                   42:10:89:f1:b7:53:fd:7a:cb:9e:b6:de:bb:61:13:
                   16:11:91:be:49:c1:75:50:22:40:25:a8:ae:bd:3a:
                   7b:75:90:2f:1c:33:57:ca:f0:c8:01:c9:0d:8b:56:
                   80:6e:c1:46:9f:b4:dc:e4:9b:1f:bd:31:be:c9:1d:
                   bf:63:d9:05:14:5a:bf:6e:f5:31:64:6c:14:c0:27:
                   ae:7e:0f:7c:fa:e0:5c:f5:c2:4a:a2:ef:a9:f2:22:
                   f7:7a:27:0a:63:c6:4f:27:75
               Exponent: 65537 (0x10001)
       Attributes:
       Requested Extensions:
           X509v3 Subject Alternative Name:
               DNS:waren.toutou.fr
   Signature Algorithm: sha1WithRSAEncryption
       6b:9f:cd:9c:06:4b:68:c0:8b:95:93:ca:b6:8d:da:be:64:84:
       0d:9d:03:8e:50:0b:0f:07:d7:0f:8a:8f:0f:11:d4:09:de:59:
       32:dd:95:6a:c0:30:0d:a9:d2:71:76:d7:b6:c0:8f:57:03:fb:
       be:0f:e3:62:16:e2:39:1f:9c:15:f0:84:ba:6a:57:f7:a8:9b:
       e4:5a:60:3e:b5:b7:a3:79:ca:11:e0:95:50:fd:ee:56:e2:05:
       df:8d:ac:0e:f5:e3:31:a7:ea:d3:6e:7a:57:e7:67:fd:11:94:
       58:72:cb:ee:f2:64:89:82:e2:b5:a9:8a:ea:a6:b7:1f:b7:84:
       2c:60

So it seems that the CA does not recognize the DNS x509_v3 option.
How can i know it ? 
Actually, CA does not recognize the DNS x509_v3 option. I had to use the

copy_extensions = copy

option in the openssl.cnf to activate it.
Now i can use multiple hostname certs with FDS.

--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux