
Re: Multi-homed machine and TLS



Hi,

Imobach González Sosa <igonzalez@becarios.ulpgc.es> writes:

> On Wednesday, 15 September 2004 12:44, Dieter Kluenter wrote:
>> It does work! My Server has the FQDN marin.l4b.de and the CNAME
>> ldap.l4b.de and kerberos.l4b.de, the client certificate contains the
>> subjectAltName=DNS: ldap.l4b.de localhost
>> A search on host ldap.4b.de is successful
[...]
> Right, thank you. However, I don't know what to check ;) I mean that my 
> certificates (I tested several) have a subjectAltName and a commonName... and 
> always read the CN. Any particular value in commonName?

openssl x509 -in hostcert.pem -text

should show something like
 
,----[ certificate text ]
|  Validity
|    Not Before: Aug 12 09:50:42 2004 GMT
|    Not After : Feb  2 09:50:42 2010 GMT
|    Subject: C=DE, L=Hamburg,O=AVCI, OU=Administration,CN=marin.l4b.de
|    Subject Public Key Info:
|    Public Key Algorithm: rsaEncryption
|    RSA Public Key: (1024 bit)
|    Modulus (1024 bit):
| [...]
|    X509v3 Subject Alternative Name: 
|             DNS:ldap.l4b.de
`----

Now, in what part of openssl.cnf did you put the subjectAltName?
It should be within the [ usr_cert ] part.
Is the alternate hostname resolvable by the resolver?

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8C183C8622115328
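
Added example, not part of the original message or of OpenSSL/OpenLDAP: a shell helper that reads `openssl x509 -text` output and reports whether a hostname appears as a subjectAltName DNS entry, only as the subject CN, or not at all. The function name `name_source` is hypothetical, the sample text is constructed in the layout of the certificate text quoted above, and matching is exact (no wildcard handling).

```shell
#!/bin/sh
# name_source HOST: reads `openssl x509 -text` output on stdin and prints
#   san   if HOST is a DNS entry in the Subject Alternative Name extension
#   cn    if HOST only matches the CN of the Subject line
#   none  if the certificate does not carry HOST in either place
name_source() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); found = "none" }
        # Subject line: pull out the CN attribute ("CN=x" or "CN = x").
        /^[ \t]*Subject:/ {
            if (match($0, /[ ,]CN *= *[^,]+/)) {
                cn = substr($0, RSTART, RLENGTH)
                sub(/^[ ,]CN *= */, "", cn)
                gsub(/[ \t]+$/, "", cn)
                if (tolower(cn) == want && found == "none") found = "cn"
            }
        }
        # The SAN values sit on the line after the extension header.
        in_san {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                p = parts[i]
                gsub(/^[ \t]+/, "", p)
                gsub(/[ \t]+$/, "", p)
                if (p ~ /^DNS:/) {
                    sub(/^DNS:/, "", p)
                    if (tolower(p) == want) found = "san"
                }
            }
            in_san = 0
        }
        /X509v3 Subject Alternative Name:/ { in_san = 1 }
        END { print found }
    '
}

# Constructed sample; the second DNS entry is added for illustration.
SAMPLE='        Subject: C=DE, L=Hamburg, O=AVCI, OU=Administration, CN=marin.l4b.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:ldap.l4b.de, DNS:kerberos.l4b.de'

printf '%s\n' "$SAMPLE" | name_source ldap.l4b.de

# Against a real file:
#   openssl x509 -in hostcert.pem -noout -text | name_source ldap.l4b.de
```

A result of `none` or `cn` for the alias the client connects to means the subjectAltName did not make it into the issued certificate, which points back at the openssl.cnf section used when signing.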