Re: subjectAltName setup

2006-12-17 Thread Dr. Stephen Henson
On Sat, Dec 16, 2006, David Newman wrote: For setup of a Postfix box that will serve multiple virtual domains, I would like to generate one cert for all hostnames at which this box will be able to be reached. Following an example in a post from Victor Duchovni [0], I configured the

Re: subjectAltName setup

2006-12-17 Thread Victor Duchovni
On Sun, Dec 17, 2006 at 02:25:29PM +0100, Dr. Stephen Henson wrote: On Sat, Dec 16, 2006, David Newman wrote: For setup of a Postfix box that will serve multiple virtual domains, I would like to generate one cert for all hostnames at which this box will be able to be reached.

Re: subjectAltName setup

2006-12-17 Thread David Newman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/17/06 8:04 AM, Victor Duchovni wrote: On Sun, Dec 17, 2006 at 02:25:29PM +0100, Dr. Stephen Henson wrote: On Sat, Dec 16, 2006, David Newman wrote: For setup of a Postfix box that will serve multiple virtual domains, I would like to

Re: subjectAltName setup

2006-12-17 Thread Victor Duchovni
On Sun, Dec 17, 2006 at 11:06:20AM -0800, David Newman wrote: the extensions are not by default copied into the signed certificate. The copy_extensions option described in http://www.openssl.org/docs/apps/ca.html is AFAIK the supported mechanism for importing

Re: subjectAltName setup

2006-12-17 Thread David Newman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/17/06 11:28 AM, Victor Duchovni wrote: [ CA_default ] serial = $dir/serial database = $dir/index.txt new_certs_dir= $dir/newcerts certs= $dir/certs certificate =

Re: subjectAltName setup

2006-12-17 Thread Victor Duchovni
On Sun, Dec 17, 2006 at 06:24:22PM -0800, David Newman wrote: One last question: Generating a cert for multiple virtual hosts is only an occasional requirement. Generally this CA will generate certs for one CN and zero alternates. In that case don't add copy_extensions = copy to CA_default

Re: subjectAltName setup

2006-12-17 Thread David Newman
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/17/06 7:14 PM, Victor Duchovni wrote: On Sun, Dec 17, 2006 at 06:24:22PM -0800, David Newman wrote: One last question: Generating a cert for multiple virtual hosts is only an occasional requirement. Generally this CA will generate certs

Re: subjectAltName setup

2006-12-17 Thread Victor Duchovni
On Sun, Dec 17, 2006 at 08:26:42PM -0800, David Newman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/17/06 7:14 PM, Victor Duchovni wrote: On Sun, Dec 17, 2006 at 06:24:22PM -0800, David Newman wrote: One last question: Generating a cert for multiple virtual hosts is only

Re: Creating CA problem

2006-12-17 Thread Jeppe Bundsgaard
Hi I have the same problem. I have tried to deinstall and reinstall openssl (and manually deleting misc where CA.pl is located) - but I still get the error. What shall I do to get the newer version of CA.pl? Regards Jeppe MaciekZ wrote: Thx it works pretty fine now. Thx for your help