Harald wallus schrieb: > > Am Dienstag, 17. September 2002 15:46 schrieben Sie: > > Harald, I beg your pardon, I did not understand. Yes, the certifciate I > > have installed for the Web Server is a Web Server certificate: > > > > This line is from the public area: > > > > 28 192.168.1.1 Sep 16 13:06:16 2002 GMT [EMAIL PROTECTED] Web Server > > > > It is just an internal server at the moment, and so the cn=192.168.1.1. As > > you can see the role is Web Server. > > This looks ok, the like my web server cert. > Another thing is the subject alternative name. > I'm not sure, if this what I do is ok. But it works. > When you create a "inital ra certificate", this means a web server cert for > your ra, you will find the menu "edit the request". Here I change the subject > alternative name from > email:[EMAIL PROTECTED] > to > DNS:www.myorg.com,email:[EMAIL PROTECTED] > or whatever your dns name is. You need to write DNS in upper letters.
This is conform to the RFCs but until Mozilla 1.0 (I think 1.1 support subjectAltName) Netscape ignores the subject alternative name. Netscape 4.7x only checks the common name, so you must use at every time https://192.168.1.1/. Any DNS-name doesn't work (incl. localhost). Netscape uses something like regular expression in the first common name. Please see the OpenCA-guide how to build a certificate for Netscape and IE. Michael -- ------------------------------------------------------------------- Michael Bell Email (private): [EMAIL PROTECTED] Rechenzentrum - Datacenter Email: [EMAIL PROTECTED] Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482 Unter den Linden 6 Fax: +49 (0)30-2093 2959 10099 Berlin Germany http://www.openca.org ------------------------------------------------------- Sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
