--- On Wed, 6/2/10, Eisenacher, Patrick <patrick.eisenac...@bdr.de> wrote:
> > -----Original Message-----
> > From: Vieri
> >
> > --- On Tue, 6/1/10, Dave Thompson wrote:
> >
> > > CN doesn't need to be hostname or domainname for a CA
> > > cert.
> > > Technically not required on entity cert either, but on WWW
> > > most parties do want/like entity's CN to be domainname.
> >
> > How does one issue a cert for multiple CN?
> > Suppose I have just one HTTP server but it can be accessed
> > via multiple FQDN... I suppose I need to use subjectAltName?
>
> Subject alternative name is one possibility. If you need a
> cert for several hosts/hostnames belonging to the same
> domain, a wildcard CN comes to mind as well, e.g.
> "*.domain.com".

Hi again,

I must be making a silly mistake.

I set this up in openssl.cnf:

subjectAltName=dirName:dir_sect2

[dir_sect1]
C=COUNTRY
O=Org name
OU=Org Unit name
CN=www.mydomain1.org

[dir_sect2]
C=COUNTRY
O=Org name
OU=Org Unit name
CN=www.mydomain2.org

and when I sign a server certificate I get the following error:

X509v3 Subject Alternative Name:
    DirName:/C=COUNTRY/O=Org name/OU=Org Unit name/CN=www.mydomain2.org
Certificate is to be certified until Jun 2 10:21:14 2015 GMT (1825 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

If I don't define subjectAltName in openssl.cnf, all's fine.

What does the "TXT_DB error number 2" message mean?
Is the format incorrect?

Vieri

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
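
Added example, not part of the thread: a sketch of how an HTTPS client following RFC 2818 section 3.1 decides whether a certificate covers a hostname, applied to the dirName SAN from the message, a DNS-type SAN, and the wildcard CN suggested in the quoted reply. The function names and certificate dictionaries are constructed for illustration, and wildcard handling is simplified to a whole leftmost label.

```python
# Added example: RFC 2818-style hostname matching over constructed certificate data.

def label_match(pattern, host):
    """Compare one presented name with a host; '*' may only be the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard stands for exactly one label
    if p[0] == "*":
        # refuse patterns such as "*.com" that would span a whole TLD
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_matches(cert, host):
    """cert is {'cn': str, 'san': [(type, value), ...]}, types as OpenSSL prints them."""
    dns_names = [value for kind, value in cert.get("san", []) if kind == "DNS"]
    if dns_names:
        # dNSName entries present: they are the identity and the subject CN is ignored
        return any(label_match(name, host) for name in dns_names)
    # No dNSName entry (a dirName-only SAN counts as none): fall back to the subject CN
    return label_match(cert["cn"], host)


# Constructed certificates mirroring the names used in the thread
DIRNAME_SAN = {
    "cn": "www.mydomain1.org",
    "san": [("dirName", "/C=COUNTRY/O=Org name/OU=Org Unit name/CN=www.mydomain2.org")],
}
DNS_SAN = {
    "cn": "www.mydomain1.org",
    "san": [("DNS", "www.mydomain1.org"), ("DNS", "www.mydomain2.org")],
}
WILDCARD_CN = {"cn": "*.domain.com", "san": []}

if __name__ == "__main__":
    checks = [
        ("dirName SAN", DIRNAME_SAN, "www.mydomain2.org"),
        ("DNS SAN", DNS_SAN, "www.mydomain2.org"),
        ("wildcard CN", WILDCARD_CN, "www.domain.com"),
        ("wildcard CN", WILDCARD_CN, "a.b.domain.com"),
    ]
    for label, cert, host in checks:
        print(f"{label:12} {host:20} -> {cert_matches(cert, host)}")
```

Current browsers skip the CN fallback entirely, so for them only the DNS entries count.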