Hello all, Sadly I've lost the original mail but someone a few weeks ago mentioned the use of the subjectAltName extension to store domain names in a certificate - can anyone clarify how to do this? I've found a few examples of this on the net and dug through the docs but I can't get it to work for me...
I'm currently using a hacked version of the ssl.ca-0.1 scripts and have the following for my config: [ req ] default_bits = 1024 default_keyfile = server.key distinguished_name = req_distinguished_name string_mask = nombstr req_extensions = v3_req x509_extensions = usr_cert [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_default = GB countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) organizationalUnitName = Organizational Unit Name (eg, section) commonName = Common Name (eg, www.domain.com) commonName_max = 64 emailAddress = Email Address emailAddress_max = 40 [ v3_req ] nsCertType = server basicConstraints = critical,CA:false [ user_cert ] subjectAltName = DNS:our.domain.co.uk This always results in "Error Loading extension section usr_cert". A couple of quesions: do I need this DNS prefix? Does it matter what I call the extensions section? How do I specify multiple host names? I found an example which led me to use the x509_extensions tag instead of extensions - what is the difference? I would be hugely grateful for any pointers... cam ----------------------------------------- [EMAIL PROTECTED] __________________________________________________________________ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
