[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Alternate names in certificates

To: "'Dave Horsfall'" <daveh@ci.com.au>, "'OpenLDAP Software List'" <openldap-software@OpenLDAP.org>
Subject: RE: Alternate names in certificates
From: "Howard Chu" <hyc@highlandsun.com>
Date: Mon, 14 Jul 2003 00:37:38 -0700
Importance: Normal
In-reply-to: <20030714150605.B907@mippet.ci.com.au>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of
> Dave Horsfall

> What will *not* work, apparently, is having the extension in
> the client
> configuration file; the CA has to be told to insert it, and
> this is where
> the messiness starts.

This is a known limitation (bug) in OpenSSL 0.9.6. I don't recall if it's
been fixed in 0.9.7 or 0.9.8. (That is, extensions in the cert request are
not propagated into the signed certificate.) You could browse the ChangeLogs
and find out. But this is fodder for the openssl-users mailing list...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

Follow-Ups:
- Re: Alternate names in certificates
  - From: Richard Levitte - VMS Whacker <levitte@stacken.kth.se>
- Re: Alternate names in certificates
  - From: Michael Ströder <michael@stroeder.com>

References:
- Re: Alternate names in certificates
  - From: Dave Horsfall <daveh@ci.com.au>

Prev by Date: building openlda-2.1.22 on AIX 5.1
Next by Date: Re: Centralised Address Book
Index(es):
- Chronological
- Thread