
Re: Alternate names in certificates



On Thu, 10 Jul 2003, Dave Horsfall wrote:

> > subjectAltName=DNS:ldap.example.com,DNS:ldap.au.example.com,DNS:server.example.com
>
> A thousand blessings, Quanah; that is exactly what I was after!

And following some experiments, if you have a boat-load of servers and
don't feel like editing openssl.cnf each time (or keeping multiple
copies), the following works:

openssl.cnf (say just before v3_req):

  [ local_host1 ]
  subjectAltName=DNS:host1.example.com,DNS:host1

  [ local_host2 ]
  subjectAltName=DNS:host2.example.com,DNS:ldap.example.com,DNS:ldap.au.example.com

Then hack the CA script (or write yer own) to say:

  -extensions $local

and pass say "local_host2" as $local.

What will *not* work, apparently, is having the extension in the client
configuration file; the CA has to be told to insert it, and this is where
the messiness starts.

There are probably better ways, but this one works (for me, anyway).

-- 
Dave Horsfall  DTM  VK2KFU  daveh@ci.com.au  Ph: +61 2 9906-7866  Fx: 9906-1556
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia
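The procedure from the post, as an added shell example (not from the original message): a scratch CA whose `openssl.cnf` carries one `[ local_hostN ]` section per server, a signing step that picks the section with `openssl ca -extensions "$local"`, and a hostname check showing that every name in the chosen section is accepted. The config keeps `copy_extensions = none`, so only the CA-side section decides what SAN the certificate gets; all paths, the `demo_ca` section and the `host1`/`host2` names are constructed for this demo.

```shell
# Added example, not from the original post: a scratch CA whose per-host subjectAltName
# sections are selected with "openssl ca -extensions $local". All names are constructed.
set -eu
# Create a throwaway CA directory and a minimal openssl.cnf carrying the host sections.
setup_ca() {
  work="$1"
  mkdir -p "$work/newcerts"; : > "$work/index.txt"; echo 01 > "$work/serial"
  cat > "$work/openssl.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir             = $work
database        = \$dir/index.txt
new_certs_dir   = \$dir/newcerts
serial          = \$dir/serial
certificate     = \$dir/ca.pem
private_key     = \$dir/ca.key
default_md      = sha256
default_days    = 365
policy          = policy_any
copy_extensions = none
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = req_dn
[ req_dn ]
[ ca_ext ]
basicConstraints = critical,CA:TRUE
[ local_host1 ]
subjectAltName=DNS:host1.example.com,DNS:host1
[ local_host2 ]
subjectAltName=DNS:host2.example.com,DNS:ldap.example.com,DNS:ldap.au.example.com
EOF
  openssl req -x509 -config "$work/openssl.cnf" -extensions ca_ext -newkey rsa:2048 \
    -nodes -keyout "$work/ca.key" -out "$work/ca.pem" -subj "/CN=Demo CA" -days 365 2>/dev/null
}
# Issue a cert for host $2 using extension section $3 and print the SAN the CA inserted.
# The CSR carries no SAN of its own (copy_extensions = none), so the section decides.
issue_and_show_san() {
  work="$1"; host="$2"; local_section="$3"
  openssl req -new -config "$work/openssl.cnf" -newkey rsa:2048 -nodes \
    -keyout "$work/$host.key" -out "$work/$host.csr" -subj "/CN=$host" 2>/dev/null
  openssl ca -batch -config "$work/openssl.cnf" -extensions "$local_section" \
    -in "$work/$host.csr" -out "$work/$host.pem" 2>/dev/null
  openssl x509 -in "$work/$host.pem" -noout -ext subjectAltName | tail -n +2 | tr -d ' '
}
# Exit 0 when the cert issued for host $2 chains to the CA and covers hostname $3.
verify_hostname() {
  openssl verify -CAfile "$1/ca.pem" -verify_hostname "$3" "$1/$2.pem" >/dev/null 2>&1
}
```

Run `W=$(mktemp -d); setup_ca "$W"; issue_and_show_san "$W" host2 local_host2` to see the three DNS names from `[ local_host2 ]` land in the issued certificate.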