[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: subjectAltName = DNS:*

To: ms419@freezone.co.uk, openldap-software@OpenLDAP.org
Subject: Re: subjectAltName = DNS:*
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Mon, 12 Jan 2004 01:41:03 -0800
Content-disposition: inline
In-reply-to: <3923D202-44DF-11D8-87A2-000A95C71776@freezone.co.uk>
References: <3923D202-44DF-11D8-87A2-000A95C71776@freezone.co.uk>

--On Monday, January 12, 2004 1:10 AM -0800 ms419@freezone.co.uk wrote:

I've created a server certificate with the x509 extension "subjectAltName
= DNS:*", but LDAP clients complain that "hostname does not match CN in
peer certificate". I thought that "*" would match all hostnames ... What
gives?


*.domain

So *.freezone.co.uk I think would be correct for your case.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- subjectAltName = DNS:*
  - From: ms419@freezone.co.uk

Prev by Date: subjectAltName = DNS:*
Next by Date: Re: replication iplanet 5.1 to openldap
Index(es):
- Chronological
- Thread