On Sat, Dec 16, 2006, David Newman wrote: > For setup of a Postfix box that will serve multiple virtual domains, I > would like to generate one cert for all hostnames at which this box will > be able to be reached. > > Following an example in a post from Victor Duchovni [0], I configured the > subjectAltName parameter in openssl.cnf with four hostnames and generated > a cert. However, I still see only one CN in the resulting cert. >
You will only see one CN. CN and subjectAltName are two different things. The approved way to represent multiple host names is via subjectAltName which will appear in the extensions list when you display the certificate. If you need multiple CNs (which some software may require) then you need to prompt for multiple CNs. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
