Re: (ITS#3158) ldapsearch does not match simple hostnames against fqdns in certificates
For future reference via this bug report, it appears that the answer lies in the
RFC 2830 also specifies a means for additional names to be set in a
certificate. This is done using the subjectAltName field which is an X.509v3
extension of the basic certificate. This field can be used to list aliases
for a server, shared names in a load-balancing setup, or any other desired
purpose. A wildcard can also be used, to allow a single certificate to match
all hostnames within a given domain.
In the openssl.cnf file, the syntax for this extension is
Any number of names may be specified in the comma-separated list.
Perhaps this could be added to the Administrator's Guide.
Chad C. Walstrom <email@example.com> 247 Gortner Hall
Asst. Director of IT Help: 612-625-9284
CBS Computing Services, UMN Phone: 612-624-2918
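
Added example (not part of the original message, and not OpenLDAP's code): a sketch of why a simple hostname fails against a certificate that carries only FQDNs, and how subjectAltName dNSName entries and a left-most wildcard change the result. The certificate names are constructed, and consulting the CN only when no dNSName is present is an assumption of this sketch.

```python
# Added illustration; function names and certificate contents are constructed.

def name_match(pattern, host):
    """Case-insensitive comparison of one certificate name with the
    hostname the client used to open the connection. '*' is honoured
    only as the entire left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # "ldap1" can never equal "ldap1.example.com"
    if p[0] == "*":
        # A bare "*" matches nothing; the remaining labels must be identical.
        return len(p) > 1 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_matches(host, cn, san_dns):
    """Return the certificate name that matched `host`, or None.
    Assumption of this sketch: dNSName entries, when present, are the
    source of the server identity and the CN is used only without them."""
    names = san_dns if san_dns else [cn]
    for name in names:
        if name_match(name, host):
            return name
    return None


# Constructed certificate: one real name, one alias, one wildcard.
CERT_CN = "ldap1.example.com"
CERT_SAN = ["ldap1.example.com", "ldap.example.com", "*.dir.example.com"]

if __name__ == "__main__":
    for host in ["ldap1", "ldap1.example.com", "LDAP.example.com",
                 "replica2.dir.example.com", "dir.example.com"]:
        result = cert_matches(host, CERT_CN, CERT_SAN)
        print(f"{host:28} -> {result or 'NO MATCH'}")
```

The first host in the list is the case from the bug title: the client must connect with a name that literally appears in the certificate, or the certificate must list that name.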