RE: Alternate names in certificates

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Dave Horsfall

> What will *not* work, apparently, is having the extension in the client
> configuration file; the CA has to be told to insert it, and this is where
> the messiness starts.

This is a known limitation (bug) in OpenSSL 0.9.6. I don't recall if it's
been fixed in 0.9.7 or 0.9.8. (That is, extensions in the cert request are
not propagated into the signed certificate.) You could browse the ChangeLogs
and find out. But this is fodder for the openssl-users mailing list...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
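
Added example, not part of the original message: a shell check that compares the subjectAltName requested in a CSR with what the signed certificate carries, signing once with no extensions passed to the CA step and once with them passed through `-extfile`. The host names, file names and the throwaway CA are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo; host names and file names are placeholders.

# Print the DNS subjectAltName entries of a CSR ($1=req) or cert ($1=x509).
san_names() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p' | sort
}

# In directory $1: make a throwaway CA and a CSR that requests two names, then
# sign it twice: plain.pem (CA given no extensions) and san.pem (-extfile).
build_demo() {
    d=$1
    cat > "$d/demo.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
x509_extensions = v3_ca
prompt = no
[dn]
CN = ldap.example.com
[v3_req]
subjectAltName = DNS:ldap.example.com, DNS:ldap-alt.example.com
[v3_ca]
basicConstraints = critical, CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
        -subj "/CN=Demo CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/plain.pem" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/san.pem" \
        -extfile "$d/demo.cnf" -extensions v3_req 2>/dev/null
}

# Succeed only if the CSR requested names and the cert carries the same set.
san_propagated() {
    want=$(san_names req "$1")
    [ -n "$want" ] && [ "$want" = "$(san_names x509 "$2")" ]
}
```

Running `san_propagated request.csr issued.pem` against a certificate returned by a CA shows whether the alternate names requested by the client survived signing.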