Hi,
running my own CA on a Debian Etch machine (openssl 0.9.8c) I need to create a certificate for a private mailserver, which must be reachable both using its hostname and its IP address. So the certificate needs to contain both, to prevent warnings at the client side. The mail clients used will be, among others, Outlook Express and Outlook 2007 (I cannot avoid this).

I tried various solutions, to no avail.

I first generated a certificate containing two Common Names, and it was ok for Outlook Express, but not for Outlook, which shows a security warning when using the second name.

I then tried various subjectAltName configurations, but none of these seems to be supported by either OE or Outlook; they both always show a security warning for one of the names. Here are some configurations I tried:

subjectAltName = IP:<IP address>

subjectAltName = otherName:1.2.3.4;UTF8:<IP address>

subjectAltName = dirName:dir_sect
[dir_sect]
C = IT
O = bla bla
OU = bla bla
CN = <IP address>

subjectAltName = @alt_names
[alt_names]
IP.1 = <IP address>

All other needed parameters in openssl.cnf are correctly in place, AFAICT, because the subjectAltName values are correctly visible in the generated certificate.
I can post the full openssl.cnf if needed.

Any clues?
Thanks.

--
Ciao,
  Marco.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
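
An added example, not part of the original post: the @alt_names form from the message extended with a DNS entry next to the IP entry, so that one certificate carries both name types, followed by a check that both entries appear in the issued certificate. It self-signs instead of going through a CA so that it runs on its own; mail.example.test and 192.0.2.10 are constructed placeholder values, and whether a given mail client honours each entry type is not something this check shows.

```shell
#!/bin/sh
# Added example: issue a certificate whose subjectAltName holds both a
# dNSName and an iPAddress entry, then list what the certificate contains.
# Hostname and address below are constructed placeholders.

make_cert() {   # make_cert <workdir> <hostname> <ip>
    dir=$1 host=$2 ip=$3
    # Minimal request config; [alt_names] mirrors the @alt_names form
    # from the post, with a DNS.1 line added beside IP.1.
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[dn]
CN = $host

[v3_san]
subjectAltName = @alt_names

[alt_names]
DNS.1 = $host
IP.1  = $ip
EOF
    # Self-signed, throwaway key, one-day lifetime: test material only.
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 1 \
        -config "$dir/san.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

san_entries() {   # san_entries <cert.pem>: prints one SAN entry per line
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# Stand-alone run: build the certificate and show its SAN entries.
tmp=$(mktemp -d) &&
    make_cert "$tmp" mail.example.test 192.0.2.10 &&
    san_entries "$tmp/cert.pem"
```

When the certificate is signed with `openssl ca` instead, the same [v3_san] section has to be the one the CA applies at signing time, otherwise the extension from the request is dropped.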
