On 01/25/2009 11:35 AM, Marco De Vitis wrote:
> On 24/Jan/09, at 16:54, Dr. Stephen Henson wrote:
>
>> You don't say which give a warning. If you use the IP version in
>> subjectAltName do you get a warning for the hostname or the IP address?
>>
>> If the hostname but not IP address try adding a second value,
>> DNS:whatever.com
>
> If I use:
>
> subjectAltName = IP:192.168.1.5
>
> ...then both OE and Outlook show a warning when I set them up to use
> the IP address.
> In other words, they behave as if the Alternative Name did not exist.
>
> I do not understand if your suggestion was meant for this case, but I
> tried it anyway, using:
>
> subjectAltName = IP:192.168.1.5,DNS:mail.foo.org
>
> ...where mail.foo.org is the same hostname as the main CN, but both
> mail clients show the same warning, nothing changed.
>
> Any more ideas?
> Thank you very much.

Marco,

Do any other clients (s_client, web browser, etc.) exhibit the same
behavior or an error message? If yes, what's the error response?

When you use s_client to connect to your mail server does it pass
verification through both ways, IP and DNS?

Can you do an s_client and dump the cert to OpenSSL's x509 and read the
cert? Do the SubjectAltNames appear in the "X509v3 Subject Alternative
Name" section when doing so?

What is the *exact* error you get with the Microsoft Products when you
use this format? Hostname Mismatch? Untrusted Cert?

CN=mail.foo.org
subjectAltName = IP:192.168.1.5, DNS:mail.foo.org

--Sal
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
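
The checks asked for in the reply above, as an added example that is not part of the original message: it builds a throwaway self-signed certificate from the CN and subjectAltName values quoted in the thread, reads back the "X509v3 Subject Alternative Name" section, and tests IP and hostname matching. It assumes OpenSSL 1.0.2 or later (for `-checkhost`/`-checkip`); the function names, file names and the PORT placeholder are illustrative.

```shell
#!/usr/bin/env bash
# Added example. Certificate values (mail.foo.org, 192.168.1.5) come from the thread;
# the key and certificate are constructed test material, not the poster's real cert.

make_cert() {  # $1 = directory that receives san.cnf, key.pem and cert.pem
  cat > "$1/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = mail.foo.org
[v3]
subjectAltName = IP:192.168.1.5, DNS:mail.foo.org
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/san.cnf" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

san_of() {  # $1 = PEM cert; prints the SAN entries exactly as x509 -text shows them
  openssl x509 -in "$1" -noout -text |
    grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
    sed 's/^ *//; s/ *$//'
}

# "does match" appears only on success; a failure prints "does NOT match".
matches_ip()   { openssl x509 -in "$1" -noout -checkip "$2"   | grep -q 'does match'; }
matches_host() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }

# To inspect the certificate a live server actually presents (PORT is a placeholder
# for whichever TLS mail port is in use), save it first, then run the same checks:
#   openssl s_client -connect 192.168.1.5:PORT </dev/null 2>/dev/null |
#     openssl x509 -out served.pem
#   san_of served.pem; matches_ip served.pem 192.168.1.5

if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  make_cert "$d"
  echo "SAN: $(san_of "$d/cert.pem")"
  matches_ip "$d/cert.pem" 192.168.1.5 && echo "IP 192.168.1.5 matches"
  matches_host "$d/cert.pem" mail.foo.org && echo "hostname mail.foo.org matches"
  rm -rf "$d"
fi
```

If `san_of` shows the IP entry on the served certificate and `matches_ip` succeeds, the extension is present and well-formed, and a remaining warning comes from how the client does its name check.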