On Mon, Feb 13, 2006, Khai Doan wrote: > Can I have > > subjectAltName = critical,DNS:*.hostname.com > > What other things are possible here (DNS, IP, email, URI, etc) ? >
Did you read the manual page I referenced: http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_ That tells you what can be used there with some examples. > Using IP:192.168.10.16 and DNS:*.hostname.com does not seems to work > (Internet Explorer throw up a warning dialog: The name on the security > certificates is invalid or does not match the name of the site). > If it is now appears in "extensions" in the certificate then that probably means IE doesn't support it. > > Has anyone successfully create a wild card certificate that bind to an IP > address ? > That is illegal. You can only specify a single IP address per entry. Why don't you explain what you are trying to do? There may be an alternative method to achieve what you want. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
