Hate to repost but I'm completely stumped by this one and have noticed a few related questions for this recently...
>Sadly I've lost the original mail but someone a few weeks ago mentioned the use of >the subjectAltName extension to store domain names in a certificate - can anyone >clarify how to do this? Actually it was, er... Harald Koch - sorry to drag you in Harald but do you have details of how to do this or were you using some proprietary solution (Netscape's server products?) This is the config that doesn't work.. >[ req ] >default_bits � � � � � � � � � � � � � � � � � �= 1024 >default_keyfile � � � � � � � � � � � � � � � � = server.key >distinguished_name � � � � � � � � � � � � � � �= req_distinguished_name >string_mask � � � � � � � � � � � � � � � � � � = nombstr >req_extensions � � � � � � � � � � � � � � � � �= v3_req >x509_extensions � � � � � � � � � � � � � � � � = usr_cert >[ req_distinguished_name ] >countryName � � � � � � � � � � � � � � � � � � = Country Name (2 letter code) >countryName_default � � � � � � � � � � � � � � = GB >countryName_min � � � � � � � � � � � � � � � � = 2 >countryName_max � � � � � � � � � � � � � � � � = 2 >stateOrProvinceName � � � � � � � � � � � � � � = State or Province Name (full name) >localityName � � � � � � � � � � � � � � � � � �= Locality Name (eg, city) >0.organizationName � � � � � � � � � � � � � � �= Organization Name (eg, company) >organizationalUnitName � � � � � � � � �= Organizational Unit Name (eg, section) >commonName � � � � � � � � � � � � � � � � � � �= Common Name (eg, www.domain.com) >commonName_max � � � � � � � � � � � � � � � � �= 64 >emailAddress � � � � � � � � � � � � � � � � � �= Email Address >emailAddress_max � � � � � � � � � � � � � � � �= 40 >[ v3_req ] >nsCertType � � � � � � � � � � � � � � � � � � �= server >basicConstraints � � � � � � � � � � � � � � � �= critical,CA:false >[ user_cert ] >subjectAltName � � � � � � � � � � � � � � � � �= DNS:our.domain.co.uk > >This always results in "Error Loading extension section usr_cert". A couple of >quesions: do I need this DNS prefix? Does it matter what I call the extensions >section? How do I specify multiple host names? I found an example which led me to use >the x509_extensions tag instead of extensions - what is the difference? Once again, eternal gratitude awaits anyone who can shine any light on this... cam ----------------------------------------- [EMAIL PROTECTED] __________________________________________________________________ The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
