On Sun, Dec 17, 2006 at 02:25:29PM +0100, Dr. Stephen Henson wrote:

> On Sat, Dec 16, 2006, David Newman wrote:
> 
> > For setup of a Postfix box that will serve multiple virtual domains, I 
> > would like to generate one cert for all hostnames at which this box will 
> > be able to be reached.
> > 
> > Following an example in a post from Victor Duchovni [0], I configured the 
> > subjectAltName parameter in openssl.cnf with four hostnames and generated 
> > a cert. However, I still see only one CN in the resulting cert.
> > 
> 
> You will only see one CN. CN and subjectAltName are two different things. The
> approved way to represent multiple host names is via subjectAltName which will
> appear in the extensions list when you display the certificate.
> 
> If you need multiple CNs (which some software may require) then you need to
> prompt for multiple CNs.

The OP meant multiple SubjectAlternativeName values in the signed
certificate; the extensions are not by default copied into the signed
certificate. The "copy_extensions" option described in

    http://www.openssl.org/docs/apps/ca.html

is AFAIK the supported mechanism for importing SubjectAlternativeNames
from the request into the certificate.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
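
An added example, not part of the original message or of OpenSSL's own material: a throwaway CA signs a CSR carrying three subjectAltName values, with copy_extensions set to the mode passed in. The hostnames, file names and the issue_cert function are constructed for illustration, and the openssl binary is assumed to be on PATH.

```bash
#!/usr/bin/env bash
# Added example: throwaway CA in a temp dir; every name below is constructed.
# issue_cert MODE -> prints the text form of a cert signed with copy_extensions=MODE
issue_cert() {
  local mode="$1" d rc
  d="$(mktemp -d)" || return 1
  (
    cd "$d" && mkdir newcerts && : > index.txt && echo 01 > serial || exit 1
    cat > demo.cnf <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
new_certs_dir = ./newcerts
database = ./index.txt
serial = ./serial
certificate = ./ca.pem
private_key = ./ca.key
default_md = sha256
default_days = 30
policy = policy_any
x509_extensions = leaf_ext
copy_extensions = $mode
[ policy_any ]
commonName = supplied
[ leaf_ext ]
# Set by the CA; with "copy" a request cannot replace an extension set here.
basicConstraints = critical, CA:FALSE
[ req ]
distinguished_name = dn
prompt = no
req_extensions = v3_req
[ dn ]
CN = mail.example.com
[ v3_req ]
subjectAltName = DNS:mail.example.com, DNS:mail.example.net, DNS:mail.example.org
# The request also asks for CA:TRUE, to show that the CA's own value wins.
basicConstraints = CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
      -subj "/CN=Demo CA" -days 30 -config demo.cnf 2>/dev/null || exit 1
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -config demo.cnf 2>/dev/null || exit 1
    openssl ca -batch -notext -config demo.cnf -in leaf.csr -out leaf.pem \
      2>/dev/null || exit 1
    openssl x509 -in leaf.pem -noout -text
  ); rc=$?
  rm -rf "$d"
  return "$rc"
}
```

With `none` the issued certificate has no subjectAltName extension; with `copy` all three names appear, and basicConstraints stays CA:FALSE because `copy` only adds extensions that the CA's own section has not already set.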
