that was me, the way I tried to sign the certificate was...
incorrect
apologies and great and many thanks to everybody
I can now ldapsearch on both slapd.domain.local and
slap.domain.external with -ZZZ, all good (only cannot
confirm if CN has to be repeated in subjectAltName as per
Olo's tip, currently it IS repeated in my cert)
last bit is WPMU Ldap Auth on Wordpress 3.6.1 which is
somehow not working :) hmm..
regards
On 10/21/2013 10:06 AM, Christian Kratzer wrote:
Hi,
On Mon, 21 Oct 2013, lejeczek wrote:
ok, above doesn't get me much more than what was in my
command line but still no! subjectAltNames,
I had a similar thought to what Quanah suggested but
first, before I try different ssl toolchain I shall
assume it is me messing things up.
I definitively have subjectAltNames in my request, then I
sign:
Do you have them in the resulting request or certificate
or do you have them ?
If you do have them then you should see them in the
resulting request or certificate file.
    openssl x509 -req -extensions v3_req -days 365 -in .... -signkey ... -out ...
where is the problem?
where are you specifying the actual subjectAltNames ?
I use the following in the specific openssl.cnf I use for
signing.
[ v3_req ]
subjectAltName = $ENV::ALTNAME
I then supply the subjectAltnames and the COMMONNAME using
the environment:
    env COMMONNAME=$fqdn ALTNAME=$subjectAltName openssl req \
        -new -nodes -keyout $CERTDIR/$name.key \
        -out $CERTDIR/$name.csr -config $CONFIG
Greetings
Christian
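
The signing step discussed in this thread, as an added example that is not part of the original messages: `openssl x509 -req` does not copy extensions from the request by default and reads an extension section only from the file named with `-extfile`, so a CSR can carry subjectAltName entries that never reach the certificate. The host names, file names and the `req_dn` section name are constructed for illustration; the `[ v3_req ]` section follows the config quoted above.

```shell
#!/bin/sh
# Added example. Names are constructed; the key is throwaway. Needs the openssl CLI.

# Config in the style quoted above: CN and SAN are taken from the environment.
write_config() {   # $1 = path of the config file to create
    cat > "$1" <<'EOF'
[ req ]
distinguished_name = req_dn
req_extensions = v3_req
prompt = no
[ req_dn ]
CN = $ENV::COMMONNAME
[ v3_req ]
subjectAltName = $ENV::ALTNAME
EOF
}

# Print the DNS subjectAltName entries, one per line (nothing if absent).
san_of() {   # $1 = req | x509, $2 = file
    openssl "$1" -in "$2" -noout -text | grep -o 'DNS:[^, ]*' || true
}

# Create key and CSR, then self-sign the CSR without and with -extfile.
make_certs() {   # $1 = work dir, $2 = CN, $3 = SAN value
    COMMONNAME=$2 ALTNAME=$3
    export COMMONNAME ALTNAME
    write_config "$1/openssl.cnf"
    openssl req -new -nodes -newkey rsa:2048 -keyout "$1/host.key" \
        -out "$1/host.csr" -config "$1/openssl.cnf" 2>/dev/null &&
    # -extensions alone: no file to read the section from, the SAN is not applied.
    openssl x509 -req -extensions v3_req -days 365 -in "$1/host.csr" \
        -signkey "$1/host.key" -out "$1/no_extfile.crt" 2>/dev/null &&
    # -extfile names the file holding [ v3_req ], so the SAN ends up in the cert.
    openssl x509 -req -extfile "$1/openssl.cnf" -extensions v3_req -days 365 \
        -in "$1/host.csr" -signkey "$1/host.key" -out "$1/with_extfile.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_certs "$d" host.example.internal \
        'DNS:host.example.internal,DNS:host.example.com' || return 1
    for f in host.csr no_extfile.crt with_extfile.crt; do
        case $f in *.csr) kind=req ;; *) kind=x509 ;; esac
        echo "$f: $(san_of "$kind" "$d/$f" | tr '\n' ' ')"
    done
    rm -rf "$d"
}
demo
```

Checking the finished certificate with `openssl x509 -noout -text`, not only the request, is what confirms the names a TLS client will actually see.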