On Thu, Aug 26, 2004, Ralph wrote: > Hello list members, > > I'm trying to set up an Apache 2 based web server for multiple name > based virtual hosts. As it is not possible with mod_ssl to have a > seperate SSL certificate file for each virtual host, I'd like to > create a single certificate file with multiple CN entries, i.e.: > > CN #1: www.domain1.org > CN #2: www.domain2.net > CN #3: www.domain3.com > > I checked the mailing list archives and found a thread mentioning > multiple CN entries, i.e. in this message by Stephen Henson: > <http://marc.theaimsgroup.com/?l=openssl-users&m=108863949314709&w=2> > > However, I failed to find an example or howto-document which describes > the required actions step by step. I tried to modify openssl.cnf: > > [ req_distinguished_name ] > commonName_default = www.domain1.org > 0.CN=www.domain2.net > 1.CN=www.domain3.com > > Unfortunately, the CSR file only contains www.domain3.com as the > common name and does not mention the who other CNs at all. > > Where can I find detailed information on how to include multiple > common names in a SSL certificate file? All pointers are welcome. >
I've just tried something similar and get 3 CNS in the PKCS#10 certificate request. *However* looking through the code for the 'ca' utility seems to suggest it will zap all but the first commonName entry with the current policy code. You can work round that with the "preserve" config file option or the -preserveDN command line option. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
