On Sat, Dec 16, 2006 at 03:35:45PM -0800, David Newman wrote: > openssl ca -out certs/lance-cyrus.pem \ > -in csrs/lance-cyrus.csr -config ./openssl.cnf \ > -extensions server
You need to arrange for the CA to include the SubjectAlternativeName extension values in the signed cert... For a self-signed (req -x509) certificate, this is easy: req_extensions = v3_req x509_extensions = v3_req > [ v3_req ] > basicConstraints = CA:FALSE > keyUsage = nonRepudiation, digitalSignature, keyEncipherment > subjectAltName = @alt_names > > [alt_names] > DNS.1 = lance.eng.networktest.com > DNS.2 = mail.freedonia.gov > DNS.3 = mail.potrzebie.org > DNS.4 = mail.furshlugginer.org You need additional CA policy settings, you should be able to "Google" these... -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]