Hello. My two centimes worth. Although I use OpenSSL in test, I've never used altnames - sorry. In prod we use a comercial CA. I find that if I want to use one or more altname(s) I must also specify the FQDN in the list of altnames. Cdlt, Dave --- John A. Sullivan III wrote: On Tue, 2010-01-05 at 00:23 +0100, muzzol wrote:2010/1/4 Rich Megginson <rmeggins@xxxxxxxxxx>:muzzol wrote: Did you specify the FQDN with the -h argument? What hostname did you give? The real hostname or the subjectAltName?i've used FQDN for CN and additional DNS entry for subjectAltName. anyway, i've found that i get a diferent cert when signing it with OpenSSL (openssl -req) and certutil (-C). i've created a sample CA with certutil and repeated all process. now i dont get that error anymore. is this a known behaviour? is there any limitations with subjectAltName and OpenSSL signing? anyone using OpenSSL to sign their DS certs?We are (via OpenCA) but we are also doing server side key generation - John -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users |
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users