In message <[EMAIL PROTECTED]> on Fri, 24 Sep 2004 11:29:23 +0200, Gerd Schering <[EMAIL PROTECTED]> said:
Schering> is it possible to use domain name components - as in ldap - Schering> for the certificate dn, i.e. something like Schering> dc=mycompany,dc=com instead of the C=US,... staff? Absolutely. Just beware that LDAP *prints* and expects the parts of the subject in reverse, so in X.509 terms, the subject would be dc=com,dc=mycompany. Another thing to beware of is that, at least 5 years ago, there were programs that crashed (literaly) if they didn't find things like C=... and CN=.... I've no idea how it is today. Cheers, Richard ----- Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte [EMAIL PROTECTED] http://richard.levitte.org/ "When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
