On 12/10/2012 2:43 PM, Jaquez Jr, Hector L. wrote:
Hello All,
I am having an issue trying to get my server read the SAN entries
> that I have configured in my cnf file. I created a .CSR file (2048) and
> had our PKI folks generate the certificate (.p7b) so that I could import
> it into my application. The application accepts the certificate and the
> corresponding private key. However, when I connect to the application
> using the FQDN I get a certificate error but when I use just the hostname
> it works fine. During the creation of the CSR file I assigned the common
> name as just the hostname. I recreated the CSR file setting the common
> name as the FQDN and when I tried accesing the application with the host
> name I received a certificate error. However, when I tried accessing the
> application with the FQDN it worked fine. It's as though the certificate
> is not applying the SANS I configured in the .cnf file. I researched
many
> forums to try to identify what I am missing but I just can't seem to
figure
> it out so I am turning to this group. See below for configs that I
set in
> .cnf file. I am not sure if I need to run a specific Openssl command to
> insert this in the certificate. I have done this once before and the
SANS
> were read perfectly fine so I am not sure what could be the issue.
> Please help....
Use the following command to check if the certificate you got back from
the PKI folks actually contains the SANs you wanted:
openssl pkcs7 -in yourcert.p7b -noout -print_certs -text
(A CA is not required to obey any of the requested attributes listed in
the CSR, any by default most CA software will put in only its usual
attributes unless explicitly told otherwise by the PKI folks).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org