On Sun, Dec 17, 2006 at 08:26:42PM -0800, David Newman wrote:
> On 12/17/06 7:14 PM, Victor Duchovni wrote:
> > On Sun, Dec 17, 2006 at 06:24:22PM -0800, David Newman wrote:
> >
> >> One last question: Generating a cert for multiple virtual hos
On 12/17/06 7:14 PM, Victor Duchovni wrote:
> On Sun, Dec 17, 2006 at 06:24:22PM -0800, David Newman wrote:
>
>> One last question: Generating a cert for multiple virtual hosts is only
>> an occasional requirement. Generally this CA will generate cert
On Sun, Dec 17, 2006 at 06:24:22PM -0800, David Newman wrote:
> One last question: Generating a cert for multiple virtual hosts is only
> an occasional requirement. Generally this CA will generate certs
> for one CN and zero alternates.
In that case don't add "copy_extensions = copy" to "CA_defau
On 12/17/06 11:28 AM, Victor Duchovni wrote:
>> [ CA_default ]
>> serial = $dir/serial
>> database = $dir/index.txt
>> new_certs_dir= $dir/newcerts
>> certs= $dir/certs
>> certificate
On Sun, Dec 17, 2006 at 11:06:20AM -0800, David Newman wrote:
> > the extensions are not by default copied into the signed
> > certificate. The "copy_extensions" option described in
> >
> > http://www.openssl.org/docs/apps/ca.html
> >
> > is AFAIK the supported mechanism for importing Subjec
On 12/17/06 8:04 AM, Victor Duchovni wrote:
> On Sun, Dec 17, 2006 at 02:25:29PM +0100, Dr. Stephen Henson wrote:
>
>> On Sat, Dec 16, 2006, David Newman wrote:
>>
>>> For setup of a Postfix box that will serve multiple virtual domains, I
>>> would l
On Sun, Dec 17, 2006 at 02:25:29PM +0100, Dr. Stephen Henson wrote:
> On Sat, Dec 16, 2006, David Newman wrote:
>
> > For setup of a Postfix box that will serve multiple virtual domains, I
> > would like to generate one cert for all hostnames at which this box will
> > be able to be reached.
>
On Sat, Dec 16, 2006, David Newman wrote:
> For setup of a Postfix box that will serve multiple virtual domains, I
> would like to generate one cert for all hostnames at which this box will
> be able to be reached.
>
> Following an example in a post from Victor Duchovni [0], I configured the
>
On Sat, Dec 16, 2006 at 03:35:45PM -0800, David Newman wrote:
> openssl ca -out certs/lance-cyrus.pem \
> -in csrs/lance-cyrus.csr -config ./openssl.cnf \
> -extensions server
You need to arrange for the CA to include the SubjectAlternativeName
extension values in the signed cert...
For a self