[Date Prev][Date Next]
Re: Alternate names in certificates
Dave Horsfall <firstname.lastname@example.org> writes:
> Now that I've got 2.1.22 more or less working (with my own CA-signed
> certificates), the next obstacle is servers having several names. For
> example, ldap.example.com/ldap.au.example.com/server.example.com would all
> be the same machine.
> I've perused the archives, and found several messages referring to this
> (but in reference to round-robin DNS), but nothing along the lines of
> "this is how you do it". What I have been able to find implies that a
> single alternate name can be given (and unless I change a lot of things
> over which I have limited control, I need several), but muddling around in
> RFC2830 (section 3.6) reveals that subjectAltName is to be used (if
> present) in preference to the certificate name, thereby defeating the
> purpose of alternate names...
> So, how have people done this? Assume I know nothing about X.509...
Have you tried to edit openssl.cnf to your needs?
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521