Anders Kringstad wrote: > On Mon, 2007-11-26 at 09:06 +0100, Ronny Aasen wrote: > >> Morten Werner Forsbring wrote: >> >>> Holger Levsen <[EMAIL PROTECTED]> writes: >>> >>> >>> >>>> No, lwat has nothing to do with it. According to this logic, we >>>> should create more (snakeoil) ssl certificates for the different dns >>>> names. Currently we only create one for tjener.intern, maybe we >>>> should also create one for postoffice.intern, one for www.intern and >>>> so on. >>>> >>>> >>> Can't we create one with all the known aliases included? >>> >>> >>> - Werner >>> >>> >> I didn't think it was possible to have multiple aliases on a >> certificate. Do you know the openssl command how to do it ? >> > > Quite simple guide here :) > > openssl genrsa 2048 > intern-wildcard.key > chmod 400 intern-wildcard.key > openssl req -new -x509 -nodes -sha1 -days 3650 -key \ > interd-wildcard.key > intern-wildcard.cert > [enter *.intern for the Common Name] > openssl x509 -noout -fingerprint -text < intern-wildcard.cert \ > >> intern-wildcard.info >> > cat intern-wildcard.key intern-wildcard.cert > intern-wildcard.pem > chmod 400 intern-wildcard.pem > > > but a wildcard!= a alias. ie www/backup/tjener/ does not match *.intern
altho www.intern does ofcourse. so we could change the links to be www.intern instead of www and use a wildcard. unless someone knows a way to handle aliases in keys. Ronny -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
