RE: Alternate names in certificates

["Howard Chu" <hyc@highlandsun.com>]

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Dave Horsfall

> Now that I've got 2.1.22 more or less working (with my own CA-signed
> certificates), the next obstacle is servers having several names.  For
> example,
> ldap.example.com/ldap.au.example.com/server.example.com would all
> be the same machine.
>
> I've perused the archives, and found several messages
> referring to this
> (but in reference to round-robin DNS), but nothing along the lines of
> "this is how you do it".

That's funny. When I enter "subjectaltname" into the archive search page I
get several hits, including this one:
http://www.openldap.org/lists/openldap-software/200303/msg01006.html

> What I have been able to find implies that a
> single alternate name can be given

Wrong, you can have as many as you want, as the previous messages on this
list have already illustrated.

> So, how have people done this?  Assume I know nothing about X.509...

OK. If you know nothing about X.509, go read the OpenSSL documentation. You
should not be messing with X.509 authentication if you know nothing about it,
and this is not the proper forum for teaching the subject.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support