On Sat, Dec 16, 2006 at 03:35:45PM -0800, David Newman wrote:
> openssl ca -out certs/lance-cyrus.pem \
> -in csrs/lance-cyrus.csr -config ./openssl.cnf \
> -extensions server

You need to arrange for the CA to include the SubjectAlternativeName
extension values in the signed cert...

For a self-signed (req -x509) certificate, this is easy:

    req_extensions = v3_req
    x509_extensions = v3_req

> [ v3_req ]
> basicConstraints = CA:FALSE
> keyUsage = nonRepudiation, digitalSignature, keyEncipherment
> subjectAltName = @alt_names
>
> [alt_names]
> DNS.1 = lance.eng.networktest.com
> DNS.2 = mail.freedonia.gov
> DNS.3 = mail.potrzebie.org
> DNS.4 = mail.furshlugginer.org

You need additional CA policy settings; you should be able to "Google"
these...

--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
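
Added example, not part of the original message: one CA-side setting that does this is copy_extensions in the section used by "openssl ca". The script builds a throwaway CA (file names, the demo_ca and policy_any sections and the "Demo CA" subject are constructed), signs a request carrying two of the names above, and shows that with copy_extensions = copy the subjectAltName is copied while the request's CA:TRUE does not override the CA's own basicConstraints.

```shell
# Added example: throwaway CA in a temp dir; names are constructed, see lead-in.
sign_with_san() {
    d=$(mktemp -d) || return 1
    (
        cd "$d" && mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
        cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
certificate = $dir/ca.pem
private_key = $dir/ca.key
default_md = sha256
default_days = 30
policy = policy_any
# copy request extensions that the CA's own section does not already set
copy_extensions = copy
[ policy_any ]
commonName = supplied
[ server ]
basicConstraints = critical, CA:FALSE
keyUsage = digitalSignature, keyEncipherment
EOF
        cat > csr.cnf <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
req_extensions = v3_req
[ dn ]
CN = lance.eng.networktest.com
[ v3_req ]
# the request asks for CA:TRUE to show that "copy" does not override the CA
basicConstraints = CA:TRUE
subjectAltName = DNS:lance.eng.networktest.com, DNS:mail.freedonia.gov
EOF
        openssl req -x509 -config csr.cnf -subj "/CN=Demo CA" -days 30 \
            -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem 2>/dev/null &&
        openssl req -new -config csr.cnf -newkey rsa:2048 -nodes \
            -keyout srv.key -out req.csr 2>/dev/null &&
        openssl ca -batch -notext -config ca.cnf -extensions server \
            -in req.csr -out cert.pem 2>/dev/null &&
        openssl x509 -in cert.pem -noout -text | grep -E 'DNS:|CA:'
    )
    rc=$?; rm -rf "$d"; return $rc
}
sign_with_san   # prints the basicConstraints and subjectAltName lines of the cert
```

With copy_extensions = copyall the request's values would replace the CA's, so when extensions are copied, inspect the request with "openssl req -text" before signing.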