I have skimmed through a few RFCs following today's postings and a few
web sites. It would seem to me that I should:
Remove commonName and emailAddress completely from the cnf file. They no
longer belong in any cert, root or intermediate CA certs, server or user
certs.
For servers include something like in the cnf file:
subjectAltName = DNS:www.example.com, DNS:example.com, DNS=localhost,
EMAIL:postmaster@xxxxxxxxxxx
(That is all suppose to be on a single line in case your mail viewer
wraps it).
Um, I can specify 'localhost' in this manner if I am on the server and
connecting in the browser with https://localhost ??
And for clients:
subjectAltName = EMAIL:user@xxxxxxxxxxx
I am looking at how to build the above line using ENV variables. It is
more a matter of how I do it than can I do it...
thanks for any advice
Bob
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
