On Mon, Feb 13, 2006, Khai Doan wrote: > For some reason Hotmail does not allow me to attach those files: > > Test CSR: > > > -----BEGIN CERTIFICATE REQUEST----- > MIICuzCCAiQCAQAwggF5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5p > YTESMBAGA1UEBxMJU2FuIE1hdGVvMRUwEwYDVQQKEwxHb3RHZW5pZS5jb20xFTAT > BgNVBAsTDFRlY2hub2xvZ2llczEZMBcGA1UEAxQQKi4qLmdvdGdlbmllLmNvbTEX > MBUGA1UEAxQOKi5nb3RnZW5pZS5jb20xFTATBgNVBAMTDGdvdGdlbmllLmNvbTEZ > MBcGA1UdERQQKi4qLmdvdGdlbmllLmNvbTEXMBUGA1UdERQOKi5nb3RnZW5pZS5j > b20xFTATBgNVHRETDGdvdGdlbmllLmNvbTEfMB0GCWCGSAGG+EIBDBQQKi4qLmdv > dGdlbmllLmNvbTEdMBsGCWCGSAGG+EIBDBQOKi5nb3RnZW5pZS5jb20xGzAZBglg > hkgBhvhCAQwTDGdvdGdlbmllLmNvbTEgMB4GCSqGSIb3DQEJARYRa2hhaUBnb3Rn > ZW5pZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKZF+wX2nzE0Doh2 > W6KJytKEu8CampAGptJmAIt2U2p5tCwLMXp7MS10cUOC4yFOL7Y6+Voyyo6UNO3H > mVSSuZAWEs4hsOIK7lsFt1FYQxZ/XcaJfXrx3K9weaN/9ARco1p+QGIjJhHD/SLv > xm7MPm5lFMCISIOjwP8+XZcp9fthAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQAP > incHoM4gXVC/BPfl1/o4XKmLlBzmIkmRZb+xhDHkxqEBnwF/jcm3OSpMDlIeYW3D > lMMzb9sDOqpEGGZt0W/dIbL0OytBpPP+xcYy6PYXuwNlvef+if+W6U/0mTlkMvA5 > R/+KWg9dpcirc7OssFyWNkIxVD62AFwQUltd0enbNw== > -----END CERTIFICATE REQUEST----- > > Test certificates: > > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 12 (0xc) > Signature Algorithm: md5WithRSAEncryption > Issuer: C=US, ST=California, L=San Mateo, O=Genius Inc, > OU=Technologies, CN=Genius Inc/[EMAIL PROTECTED] > Validity > Not Before: Feb 14 01:14:51 2006 GMT > Not After : Feb 12 01:14:51 2016 GMT > Subject: C=US, ST=California, L=San Mateo, O=GotGenie.com, > OU=Technologies, CN=*.*.gotgenie.com, CN=*.gotgenie.com, > CN=gotgenie.com/subjectAltName=*.*.gotgenie.com/subjectAltName=*.gotgenie.com/subjectAltName=gotgenie.com/nsSslServerName=*.*.gotgenie.com/nsSslServerName=*.gotgenie.com/nsSslServerName=gotgenie.com/[EMAIL > PROTECTED]
Well you've put subjectAltName in the *subject* name. It should go in the extensions part. Look at: http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_ you need something like: subjectAltName = DNS:whatever.hostname.com in the certificate extensions section. Then the extension will appear when the certificate is signed. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]