On Tue, 2003-02-25 at 12:32, Dr. Stephen Henson wrote: > On Tue, Feb 25, 2003, Nick Gray wrote: > > > On Tue, 2003-02-25 at 11:00, Dr. Stephen Henson wrote: > > > > You cant call ./Ca.pl -sign a second time. I "knows" about the > > certificate that was previously made and fails. Now perhaps if I wanted > > to set up aliases for the machine. (i.e. www.machine.com & > > mail.machine.com) but I dont. The primary purpose of the machine is a > > mail server with a web interface as well as auth pop and auth/excrypted > > smtp > > > > Well currently it will fail if the certificates have identical field values, > it could be argued that this is a deficiency in the way 'ca' operates. > > You can get round this by having some alternative field with a different > value, say "Server certificate", "IMAP certificate" etc. >
I also mistyped when I wrote servers as someone pointed out, I meant services. So if I want to use the different value, can I put it in the 'Organizational Unit Name' field. Would that do it? I wasn't aware that is was looking at anything other that common name for this. I will give it a shot. Thanks! > There are other ways to get certificate with the same DN signed such as using > the 'x509' utility instead of 'ca' but that can get messy. > I think I would rather use the CA.pl rather than to try to support the raw routines over the phone. > Steve. > -- > Dr Stephen N. Henson. > Core developer of the OpenSSL project: http://www.openssl.org/ > Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ > Email: [EMAIL PROTECTED], PGP key: via homepage. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
