Re: [389-users] certificate with subjectAltName

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello. My two centimes worth.

Although I use OpenSSL in test, I've never used altnames - sorry.

In prod we use a comercial CA.  I find that if I want to use one or more altname(s) I must also specify the FQDN in the list of altnames.

Common Name:
wiki
.a.b
Alternate Name (DNS):
wiki
.a.b
wikisso
.a.b

Cdlt, Dave
---
John A. Sullivan III wrote:
On Tue, 2010-01-05 at 00:23 +0100, muzzol wrote: 
  
2010/1/4 Rich Megginson <rmeggins@xxxxxxxxxx>:
    
muzzol wrote:
Did you specify the FQDN with the -h argument?  What hostname did you give?
 The real hostname or the subjectAltName?
      
i've used FQDN for CN and additional DNS entry for subjectAltName.


anyway, i've found that i get a diferent cert when signing it with
OpenSSL (openssl -req) and certutil (-C).

i've created a sample CA with certutil and repeated all process. now i
dont get that error anymore.

is this a known behaviour? is there any limitations with
subjectAltName and OpenSSL signing?

anyone using OpenSSL to sign their DS certs?



    
We are (via OpenCA) but we are also doing server side key generation -
John

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

  

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux