Re: (ITS#3158) ldapsearch does not match simple hostnames against fqdns in certificates
For future reference via this bug report, it appears that the answer lies in the
FAQomatic entry:
http://www.openldap.org/faq/index.cgi?_highlightWords=tls&file=185
RFC 2830 also specifies a means for additional names to be set in a
certificate. This is done using the subjectAltName field which is an X.509v3
extension of the basic certificate. This field can be used to list aliases
for a server, shared names in a load-balancing setup, or any other desired
purpose. A wildcard can also be used, to allow a single certificate to match
all hostnames within a given domain.
In the openssl.cnf file, the syntax for this extension is
subjectAltName=DNS:alias1.domain1,DNS:host2.domain2,DNS:*.domain3
Any number of names may be specified in the comma-separated list.
Perhaps this could be added to the Administrator's Guide.
--
Chad C. Walstrom <walst005@umn.edu> 247 Gortner Hall
Asst. Director of IT Help: 612-625-9284
CBS Computing Services, UMN Phone: 612-624-2918
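As an added illustration (not part of the original post or of OpenLDAP's own code), the following Python models the certificate name check the report is about: a bare hostname such as "ldap" only matches when it is listed as its own DNS subjectAltName, and a wildcard entry covers one label within its domain. The wildcard rule (leftmost label only) is an assumption taken from common TLS practice, not something the post states, and the hostnames are constructed sample values.

```python
"""Model of subjectAltName DNS matching, as described in the FAQomatic entry."""


def san_matches(san_dns_names, hostname):
    """Return True if hostname matches one of the DNS entries of a subjectAltName.

    Comparison is case-insensitive and ignores a trailing dot.  A wildcard entry
    "*.domain" is assumed (not stated in the post) to match exactly one leftmost
    label, so "*.example.com" covers "ldap.example.com" but not "a.b.example.com"
    and not the bare "example.com".
    """
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        pattern = name.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            suffix = pattern[1:]  # ".example.com"
            if host.endswith(suffix):
                leading = host[: -len(suffix)]
                # exactly one non-empty label in front of the suffix
                if leading and "." not in leading:
                    return True
    return False


def san_config_line(dns_names):
    """Build the openssl.cnf subjectAltName line shown in the FAQ entry."""
    return "subjectAltName=" + ",".join("DNS:" + n for n in dns_names)


if __name__ == "__main__":
    # constructed example: the certificate only carries the FQDN
    fqdn_only = ["ldap.example.com"]
    print("ldap vs FQDN-only cert:", san_matches(fqdn_only, "ldap"))          # False
    # fix: list the short alias as an additional DNS name
    with_alias = ["ldap.example.com", "ldap"]
    print("ldap vs cert with alias:", san_matches(with_alias, "ldap"))      # True
    print(san_config_line(with_alias))
```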