[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Some TLS questions

--On Wednesday, July 21, 2004 12:26 PM -0300 Andreas <andreas@conectiva.com.br> wrote:

On Wed, Jul 21, 2004 at 08:03:52AM -0300, Jean-Rene Cormier wrote:
Is there a way I can create the certificate so I can connect to the
server using different hostnames so I could use CNAMEs to make
openldap.mydomain.com point to hostname.mydomain.com?

yes, use subjectAltName. Works perfectly, I just tried it yesterday. You will need something like this in the usr_cert section in your openssl.cnf file if you are generating your own certificates:

subjectAltName = DNS:server.company.com,IP:

Just an example, of course. I guess wildcards are also allowed, but
I haven't tried those.

wildcards work with openldap, we have a wildcard cert that's working quite well. ;)


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html