subject:"\[openssl\-users\] RFC2818 and subjectAltName"

Re: [openssl-users] RFC2818 and subjectAltName

2017-04-26 Thread Ryan Murray

yes Sent from Mail for Windows 10 From: Murray, Ronald-1 (ANF) Sent: Wednesday, April 26, 2017 1:25 PM To: 'openssl-users@openssl.org' Subject: [openssl-users] RFC2818 and subjectAltName We had an issue a few days ago when people with the newest version of Chrome were seeing security errors

Re: [openssl-users] RFC2818 and subjectAltName

2017-04-26 Thread Ryan Murray

If you are asking me, by all means yes. Thanks for asking, I respect the value of honesty in world that has so very few people left. Sent from Mail for Windows 10 From: Viktor Dukhovni Sent: Wednesday, April 26, 2017 1:55 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] RFC2818

Re: [openssl-users] RFC2818 and subjectAltName

2017-04-26 Thread Viktor Dukhovni

> On Apr 26, 2017, at 11:55 AM, Murray, Ronald-1 (ANF) > wrote: > > Our certificates, of course, only contained the Common Name (CN), with no > subjectAltName (SAN). I solved the problem by creating new certificates and > hacking openssl.cnf to request a SAN in the

[openssl-users] RFC2818 and subjectAltName

2017-04-26 Thread Murray, Ronald-1 (ANF)

We had an issue a few days ago when people with the newest version of Chrome were seeing security errors on our internal sites which were using SSL certificates signed with our internal CA. This turned out to be caused by Google adhering to RFC2818, which says: If a subjectAltName extension of