
Re: (ITS#3158) ldapsearch does not match simple hostnames against fqdns in certificates

For future reference via this bug report, it appears that the answer lies in the
FAQomatic entry:


    RFC 2830 also specifies a means for additional names to be set in a
    certificate. This is done using the subjectAltName field which is an X.509v3
    extension of the basic certificate. This field can be used to list aliases
    for a server, shared names in a load-balancing setup, or any other desired
    purpose. A wildcard can also be used, to allow a single certificate to match
    all hostnames within a given domain.

    In the openssl.cnf file, the syntax for this extension is


    Any number of names may be specified in the comma-separated list. 

Perhaps this could be added to the Administrator's Guide.

Chad C. Walstrom <walst005@umn.edu>                   247 Gortner Hall
Asst. Director of IT                                Help: 612-625-9284
CBS Computing Services, UMN                        Phone: 612-624-2918
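
Added example, not part of the original message and not OpenLDAP's code: a simplified model of the RFC 2830 name check the quoted FAQ entry refers to, showing why a short hostname fails against an FQDN-only certificate and passes once the alias or a wildcard is listed in subjectAltName. The hostnames, the function names, the CN fallback and the one-label wildcard rule are assumptions of this sketch.

```python
# Added example: simplified RFC 2830-style server identity check.
# All hostnames below are constructed sample values.

def _match_one(pattern: str, host: str) -> bool:
    """Case-insensitive compare; '*' may only replace the left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    # "*.example.com" matches "a.example.com" but not "example.com".
    # Assumption of this sketch: the wildcard covers exactly one label,
    # so "a.b.example.com" does not match either.
    head, sep, tail = host.partition(".")
    return bool(head) and sep == "." and tail == pattern[2:]


def server_identity_ok(requested_host, san_dns_names, common_name=None):
    """Check the name the client was given against the certificate.

    requested_host: the host exactly as passed to the client, with no DNS
                    canonicalisation, so "ldap" stays "ldap".
    san_dns_names:  dNSName entries from the subjectAltName extension.
    common_name:    subject CN, consulted only when no dNSName is present
                    (assumption of this sketch).
    """
    candidates = list(san_dns_names) or ([common_name] if common_name else [])
    return any(_match_one(name, requested_host) for name in candidates)


# Constructed certificates: one with only an FQDN in the CN, one that also
# lists the short alias and a wildcard in subjectAltName.
FQDN_ONLY = {"san": [], "cn": "ldap.example.com"}
WITH_ALIASES = {"san": ["ldap.example.com", "ldap", "*.dir.example.com"],
                "cn": "ldap.example.com"}
HOSTS = ("ldap.example.com", "ldap", "LDAP2.dir.example.com", "dir.example.com")


def demo():
    """Return (host, ok_with_fqdn_only, ok_with_aliases) for each sample host."""
    return [(h,
             server_identity_ok(h, FQDN_ONLY["san"], FQDN_ONLY["cn"]),
             server_identity_ok(h, WITH_ALIASES["san"], WITH_ALIASES["cn"]))
            for h in HOSTS]


if __name__ == "__main__":
    for host, fqdn_only, with_aliases in demo():
        print(f"{host:24} fqdn-only={fqdn_only!s:5} with-aliases={with_aliases}")
```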