Re: Alternate names in certificates
On Thu, 10 Jul 2003, Dave Horsfall wrote:
> > subjectAltName=DNS:ldap.example.com,DNS:ldap.au.example.com,DNS:server.example.com
> A thousand blessings, Quanah; that is exactly what I was after!
And following some experiments, if you have a boat-load of servers and
don't feel like editing openssl.cnf each time (or keeping multiple
copies), the following works:
openssl.cnf (say just before v3_req):
[ local_host1 ]
[ local_host2 ]
Then hack the CA script (or write yer own) to say:
and pass say "local_host2" as $local.
What will *not* work, apparently, is having the extension in the client
configuration file; the CA has to be told to insert it, and this is where
the messiness starts.
There's probably better ways, but this one works (for me, anyway).
Dave Horsfall DTM VK2KFU email@example.com Ph: +61 2 9906-7866 Fx: 9906-1556
Corinthian Engineering, Level 1, 401 Pacific Hwy, Artarmon, NSW 2064, Australia
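
Added example, not part of the message above and not the poster's CA script: one way to keep per-host `subjectAltName` sections in a single config and have the CA select one at signing time. It assumes `openssl ca -extensions` is the kind of invocation meant; the demo CA, file names, section contents and the `issue_with_section` helper are constructed for illustration.

```shell
# Added example; all names, hosts and paths below are constructed.
# issue_with_section <section> <workdir>
#   Signs a fresh CSR with "openssl ca -extensions <section>" and prints the
#   DNS names present in the issued certificate, one per line.
issue_with_section() {
    sect=$1; dir=$2
    mkdir -p "$dir" && : > "$dir/index.txt" && echo 01 > "$dir/serial" || return 1
    cat > "$dir/openssl.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
# What the client asks for in its CSR. copy_extensions is unset, so the CA drops it.
[ req_san ]
subjectAltName = DNS:requested.example.com
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
default_md = sha256
policy = policy_any
[ policy_any ]
commonName = supplied
# Per-host sections; the CA operator names one of them when signing.
[ local_host1 ]
subjectAltName = DNS:ldap.example.com,DNS:ldap.au.example.com
[ local_host2 ]
subjectAltName = DNS:server.example.com
EOF
    cnf=$dir/openssl.cnf
    openssl req -config "$cnf" -x509 -newkey rsa:2048 -nodes -days 1 -extensions v3_ca \
        -subj "/CN=Demo CA" -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -config "$cnf" -new -newkey rsa:2048 -nodes -reqexts req_san \
        -subj "/CN=$sect" -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null &&
    openssl ca -config "$cnf" -batch -notext -days 1 -cert "$dir/ca.pem" \
        -keyfile "$dir/ca.key" -extensions "$sect" \
        -in "$dir/host.csr" -out "$dir/host.pem" 2>/dev/null || return 1
    openssl x509 -in "$dir/host.pem" -noout -text | grep -o 'DNS:[^, ]*' | sort
}
# Stand-alone use: sh this_file local_host2
if [ -n "${1:-}" ]; then issue_with_section "$1" "${2:-$(mktemp -d)}"; fi
```

The name requested in the CSR never reaches the certificate here because the CA section sets no `copy_extensions`; only the section named on the CA's command line decides the issued names.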