Re: syncrepl, client certificate containing subjectAltName and non UTF-8 chars

[manu@netbsd.org (Emmanuel Dreyfus)]

Howard Chu <hyc@symas.com> wrote:

> > http://openssl.org/docs/apps/ca.html#
> > http://openssl.org/docs/apps/x509v3_config.html#
> 
> I should note that these are the same man pages that are bundled in the
> OpenSSL packages themselves. It seems odd to go to search engines when the
> info you're looking for is already on your own machine. It seems odd to go
> to search engines instead of the home web sites of the actual software
> you're working with...

Well, that documentation (which I already checked) is a good reference
documentation, but it's a very poor  for learning how to actually do
things. 

I found no documentation what should exactly be done to generate
certificates with subjectAltName for a bunch of machines sharing the
same DNS address. After loosing a lot of time on it, I reported how I
created certificates with subjectAltName, with the hope it could help
others that would face the same problem:
http://www.openldap.org/lists/openldap-software/200707/msg00326.html

Nobody told me it was wrong, which proves either that this setup is
really not obvious for anyone, or that it is of no interest to anyone.
I'll retain the first alternative and I'll post an update when I'll have
found how this should be done.

However, having to loose days of work on problems that other already
solved is very frustrating. 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org