[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Some TLS questions

On Wed, Jul 21, 2004 at 08:03:52AM -0300, Jean-Rene Cormier wrote:
> Is there a way I can create the certificate so I can connect to the
> server using different hostnames so I could use CNAMEs to make
> openldap.mydomain.com point to hostname.mydomain.com?

yes, use subjectAltName. Works perfectly, I just tried it yesterday.
You will need something like this in the usr_cert section in your 
openssl.cnf file if you are generating your own certificates:

subjectAltName = DNS:server.company.com,IP:

Just an example, of course. I guess wildcards are also allowed, but
I haven't tried those.

> Also this is not really specific to OpenLDAP and more of a generic
> SSL/TLS question but if you have different services running on one
> server do you use the same certificate/private key for both services or
> do you create a new one? If you create a new one, can you use the same
> CN for both certificate?

I would use a new certificate/key pair for the other service.