Oups, as it's your own CA, you may want to investigate wildcard
certificates, also (FQDN: *.domain.com):
http://web.archive.org/web/20071124072414/http://wp.netscape.com/eng/security/ssl_2.0_certificate.html
and search for the word encoding (ie. section Subject Common Name).
Cdlt, Dave
------
David (Dave) Donnan wrote:
Hello. My two centimes worth.
Although I use OpenSSL in test, I've never used altnames - sorry.
In prod we use a comercial CA. I find that if I want to use one or
more altname(s) I must also specify the FQDN in the list of altnames.
Common Name:
wiki.a.b
Alternate Name (DNS):
wiki.a.b
wikisso.a.b
Cdlt, Dave
---
John A. Sullivan III wrote:
On Tue, 2010-01-05 at 00:23 +0100, muzzol wrote:
2010/1/4 Rich Megginson <rmeggins@xxxxxxxxxx>:
muzzol wrote:
Did you specify the FQDN with the -h argument? What hostname did you give?
The real hostname or the subjectAltName?
i've used FQDN for CN and additional DNS entry for subjectAltName.
anyway, i've found that i get a diferent cert when signing it with
OpenSSL (openssl -req) and certutil (-C).
i've created a sample CA with certutil and repeated all process. now i
dont get that error anymore.
is this a known behaviour? is there any limitations with
subjectAltName and OpenSSL signing?
anyone using OpenSSL to sign their DS certs?
We are (via OpenCA) but we are also doing server side key generation -
John
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
|
--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users