Hi Gaiseric, -----Original Message----- > From: Gaiseric Vandal > >I am using various version of openssl-0.9.x (including >openssl-0.9.8k-1.fc11.i686 on > my linux machine altho the cusotmized openssl.cnf file is probably inherited > from a > slightly earlier version.)
> When I create a certificate signing request with openssl, I have an option to > specify an > Subject Alternative Name (SAN.) The request file (csr) as well as the > resulting > certificate includes the SAN as a value in the in the subject field. > > Subject: C=US, ST=xxxxx, L=xxxxx, O=xxxxx, OU=IT, > CN=server1.company.com/subjectAltName=server2.company.com/emailaddress=xx...@company.com I've never seen a subjectAlternativeName construction like this. This is not what openssl does by default. So this behaviour is related to the changes you did in your openssl.conf file. Looks like you defined your own private RDN subjectAltName. This is not standard. And nobody else will understand this! I recommend you read up about using the openssl req and ca commands, or alternatively the x509 command if you are using this to issue your certicates, and the format of the configuration file: man req man ca man x509 man config man x509v3_config HTH, Patrick Eisenacher ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org