[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Alternate names in certificates

Dave Horsfall <daveh@ci.com.au> writes:

> Now that I've got 2.1.22 more or less working (with my own CA-signed
> certificates), the next obstacle is servers having several names.  For
> example, ldap.example.com/ldap.au.example.com/server.example.com would all
> be the same machine.
> I've perused the archives, and found several messages referring to this
> (but in reference to round-robin DNS), but nothing along the lines of
> "this is how you do it".  What I have been able to find implies that a
> single alternate name can be given (and unless I change a lot of things
> over which I have limited control, I need several), but muddling around in
> RFC2830 (section 3.6) reveals that subjectAltName is to be used (if
> present) in preference to the certificate name, thereby defeating the
> purpose of alternate names...
> So, how have people done this?  Assume I know nothing about X.509...

Have you tried to edit openssl.cnf to your needs?


Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de