[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Subject Alternative Name in TLS - does this work?

To: Christian Kratzer <ck@cksoft.de>
Subject: Re: Subject Alternative Name in TLS - does this work?
From: lejeczek <peljasz@yahoo.co.uk>
Date: Mon, 21 Oct 2013 09:36:43 +0100
Cc: Christian Kratzer <ck-lists@cksoft.de>, openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1382344604; bh=xke8vUsyi30sPu8sQ5XIbx6X1/Zi5eTwSX62qA9zI8A=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=kX/2IYSNrhsHZnNoV3l2UMhxfSNjfRUyetL7P8bULdJcNExn6v5fWq0mCibbJnIAZtnMD8Gf9yKY0l/0YkPJdDMUuPnSbmUTbP0o1Wenva03RCPKyBleD9GTL+LE72AJg5jVVKbdvCRiG6Wctovax6pnRZ0C7usIAHfGb2ibWMA=
In-reply-to: <alpine.BSF.2.00.1310181533530.88246@pohjola.cksoft.de>
References: <52600718.4000807@yahoo.co.uk> <alpine.BSF.2.00.1310181134000.88246@pohjola.cksoft.de> <52610CB7.9080800@yahoo.co.uk> <alpine.BSF.2.00.1310181254500.88246@pohjola.cksoft.de> <526137FB.90408@yahoo.co.uk> <alpine.BSF.2.00.1310181533530.88246@pohjola.cksoft.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8


On 10/18/2013 02:37 PM, Christian Kratzer wrote:

Hi,

On Fri, 18 Oct 2013, lejeczek wrote:
<snipp/>
use following to dump the certificate:

    openssl s_client -text -in CERT.pem
and no such things for s_clients in the toolkit versionas above,
I normally view a certificate with:
openssl x509 -issuer -subject -enddate -noout -text -inCERT.pem -- and I cannot see subjectAltNames
how could it be, given above is the right way to get allrelevant info of a certificate that request hassubjectAltNames but actual certificate misses it?
I totally goofed up the openssl command line. It is ofcourse:
     openssl x509 -text -in CERT.pem
If you do not see the subjectAltNames there then they arenot in the certificate.
How did you get those requests signed ?

ok, above doesn't get me much more than what was in mycommand line but still no! subjectAltNames,I had a similar thought to what Quanah suggested but first,before I try different ssl toolchain I shall assume it is memessing thing up.

I definitively have subjectAltNames in my request, the I sign:

openssl x509 -req -extensions v3_req -days 365 -in ....-signkey ... -out ...


where is the problem?

regards


Greetings
Christian

Follow-Ups:
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>

References:
- Subject Alternative Name in TLS - does this work?
  - From: lejeczek <peljasz@yahoo.co.uk>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>
- Re: Subject Alternative Name in TLS - does this work?
  - From: lejeczek <peljasz@yahoo.co.uk>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>
- Re: Subject Alternative Name in TLS - does this work?
  - From: lejeczek <peljasz@yahoo.co.uk>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>

Prev by Date: Updated scheme
Next by Date: Re: Subject Alternative Name in TLS - does this work?
Index(es):
- Chronological
- Thread