--- On Wed, 6/2/10, Eisenacher, Patrick <patrick.eisenac...@bdr.de> wrote:

> > -----Original Message-----
> > From: Vieri
> >
> > --- On Tue, 6/1/10, Dave Thompson wrote:
> >
> > > CN doesn't need to be hostname or domainname for a CA cert.
> > > Technically not required on entity cert either, but on WWW
> > > most parties do want/like entity's CN to be domainname.
> >
> > How does one issue a cert for multiple CN?
> > Suppose I have just one HTTP server but it can be accessed
> > via multiple FQDN... I suppose I need to use subjectAltName?
> 
> Subject alternative name is one possibility. If you need a
> cert for several hosts/hostnames belonging to the same
> domain, a wildcard CN comes to mind as well, e.g.
> "*.domain.com".

Hi again,

I must be making a silly mistake.
I set this up in openssl.cnf:

subjectAltName=dirName:dir_sect2

[dir_sect1]
C=COUNTRY
O=Org name
OU=Org Unit name
CN=www.mydomain1.org

[dir_sect2]
C=COUNTRY
O=Org name
OU=Org Unit name
CN=www.mydomain2.org

and when I sign a server certificate I get the following error:

            X509v3 Subject Alternative Name:
                DirName:/C=COUNTRY/O=Org name/OU=Org Unit name/CN=www.mydomain2.org
Certificate is to be certified until Jun  2 10:21:14 2015 GMT (1825 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

If I don't define subjectAltName in openssl.cnf, all's fine.
What does the "TXT_DB error number 2" message mean?
Is the format incorrect?

Vieri



      
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
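
An added example, not part of the original message or of OpenSSL: TLS clients match a server's hostname against the dNSName (DNS:) entries of the Subject Alternative Name extension, so a DirName entry like the one in the output above covers no hostname. The function names are hypothetical, the DNS sample is constructed, and the wildcard rule is a simplified RFC 6125 style match (whole left-most label only).

```python
import re

SAN_HEADER = "X509v3 Subject Alternative Name:"
TYPES = r"(?:DNS|DirName|IP Address|email|URI)"

# SAN block as shown in the message above (wrapped line joined).
DIRNAME_SAN = """\
            X509v3 Subject Alternative Name:
                DirName:/C=COUNTRY/O=Org name/OU=Org Unit name/CN=www.mydomain2.org
"""

# Constructed sample: the same hosts expressed as dNSName entries,
# plus the wildcard form mentioned in the quoted reply.
DNS_SAN = """\
            X509v3 Subject Alternative Name:
                DNS:www.mydomain1.org, DNS:www.mydomain2.org, DNS:*.domain.com
"""

def parse_san(text):
    """Return [(type, value), ...] from `openssl x509 -text` style output."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if SAN_HEADER in line and i + 1 < len(lines):
            # Split only on commas that start a new "TYPE:" entry, so commas
            # inside a value do not break the entry apart.
            parts = re.split(r",\s*(?=%s:)" % TYPES, lines[i + 1].strip())
            return [tuple(p.split(":", 1)) for p in parts if ":" in p]
    return []

def dns_match(pattern, host):
    """Compare one dNSName pattern with a hostname, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard stands for exactly one label
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no "*.com").
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def covered(text, host):
    """True if any DNS entry in the SAN block matches the hostname."""
    return any(t == "DNS" and dns_match(v, host) for t, v in parse_san(text))

if __name__ == "__main__":
    for name in ("www.mydomain1.org", "www.mydomain2.org", "a.domain.com"):
        print(name, covered(DIRNAME_SAN, name), covered(DNS_SAN, name))
```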
