
Re: SSL Cert Question



On Wednesday, August 11, 2004, at 11:28 AM, Jeff Saxton wrote:
I found this:
---- cut here ----

RFC 2830 also specifies a means for additional names to be set in a certificate. This is done using the subjectAltName field which is an X.509v3 extension of the basic certificate. This field can be used to list aliases for a server, shared names in a load-balancing setup, or any other desired purpose. A wildcard can also be used, to allow a single certificate to match all hostnames within a given domain.

In the openssl.cnf file, the syntax for this extension is

subjectAltName=DNS:alias1.domain1,DNS:host2.domain2,DNS:*.domain3

Any number of names may be specified in the comma-separated list.
---- cut here ----
 
at http://www.openldap.org/faq/data/cache/185.html
 
I have looked in the O'Reilly OpenSSL book but have not been able to figure out where in the openssl.cnf
file to put this entry.  I need to do this so I can use something like ldap.mycompany.com and have it point
at a pool of ldap servers for high availability.

Put them in the [ v3_req ] section. You will need req_extensions = v3_req, in the [ req ] section, if that is missing or has been commented out.

	Donn Cave, donn@u.washington.edu
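
The placement described in the reply above, as an added example that is not part of the original thread: a shell script that writes a minimal openssl.cnf with `req_extensions = v3_req` in `[ req ]` and `subjectAltName` in `[ v3_req ]`, generates a CSR, and reads the names back out of it. The file names, the `req_dn` section name and the `ldap1`/`ldap2` hostnames are constructed for illustration; `ldap.mycompany.com` is the pool name from the question.

```shell
#!/bin/sh
# Added example: build a CSR whose subjectAltName comes from [ v3_req ].
# Hostnames other than ldap.mycompany.com are constructed placeholders.

# make_san_csr DIR: writes DIR/openssl.cnf, DIR/ldap.key and DIR/ldap.csr
make_san_csr() {
    dir=$1
    cat > "$dir/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no

[ req_dn ]
CN = ldap.mycompany.com

[ v3_req ]
subjectAltName = DNS:ldap.mycompany.com,DNS:ldap1.mycompany.com,DNS:ldap2.mycompany.com
EOF
    # -nodes leaves the key unencrypted so a server can load it unattended
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/openssl.cnf" \
        -keyout "$dir/ldap.key" -out "$dir/ldap.csr" 2>/dev/null
}

# csr_sans FILE: prints the SAN entries carried in the CSR, one per line
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed 's/^ *//'
}

# Demo: create the CSR in a scratch directory and list its names
demo_dir=$(mktemp -d)
make_san_csr "$demo_dir" && csr_sans "$demo_dir/ldap.csr"
rm -rf "$demo_dir"
```

`req_extensions` only places the names in the request; the signing step must carry them into the issued certificate, for example with `copy_extensions` in the `openssl ca` configuration or `-extfile`/`-extensions` on `openssl x509 -req`. Run `openssl x509 -noout -text` on the issued certificate to confirm the Subject Alternative Name list survived signing.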