Jean-Marc Desperrier wrote:You still have the wrong cert on-line.
Current certificate:
X509v3 Subject Alternative Name: DNS:cacert.org
still fails to validate... :/
Are you sure this is really the one on-line currently ? I still see the old one. If you use the standard openssl script, it will reject any extension in the certificat request, and only put in the cert extension that comes from the CA configuration. Yes, it makes it hard to put the adequate alternative name for server certificates when you don't issue the cert by hand. Openssl ca tool is not a CA, it's a toy, it's author would be the first to confirm that.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
