On 11.10.22 17:46, Paul Kudla (SCOM.CA Internet Services Inc.) wrote:
ok according to
https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html
SAN is not a valid option along with CN
... I don't see that being said in the page you refer to?
Anyhow, "stop giving a CN, use SANs instead" is
ok according to
https://www.openssl.org/docs/man1.0.2/man5/x509v3_config.html
SAN is not a valid option along with CN
CN is part of the subject ??
Upoin further testing thunderbird seems to be locking onto the primary
domain (*.scom.ca) of the server skipp any sni setup ??
again thoughts
ok it appears that all this revolves around openssl
does anyone have explicit instructions on how to generate a proper ssl
key, csr etc file
with the proper SAN & CN etc
i tried
# openssl req -new -nodes -newkey rsa:2048 -config ./openssl.cnf
-reqexts req_ext -keyout mail.paulkudla.net.key
Good morning to all
i guess things have changed yet again
to keep this simple :
i buy a certificate (example) : mail.paulkudla.net
i generated the key / csr as per normal using
data = '/usr/local/bin/openssl req -new -key /tmp/temp.key -out
/tmp/temp.csr -subj "/C=%s/ST=%s/L=%s/O=%s/CN=%s"