Hi there:
See my answer inline:
On 2010-09-22, at 8:06 PM, Gaiseric Vandal wrote:
> I use openssl to create certs for servers only, not for users. If I create
> a key with openssl, then create a CSR with "openssl req", it would prompt me
> for a subjectAltName.Openssl ca will sign CSR's fr
ge. (sometimes you have to convert certs from PEM to DER or vice
versa.)
Thanks for your help.
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Patrick Patterson
Sent: Wednesday, September 22, 2010 6:48 PM
To: openssl-users@op
On 2010-09-22, at 6:38 PM, Gaiseric Vandal wrote:
> Thanks for the link.
>
> I still need the CA to load the SAN parameter from the request- it looks
> like a lot of the defaults would be to copy the e-mail address into the SAN
> field.
>
Why? Why not just have the CA just put the appropriat
[mailto:gaiseric.van...@gmail.com]
Sent: Saturday, September 18, 2010 7:09 PM
To: openssl-users@openssl.org
Subject: RE: Confusion about subject alternative n
gt;
>>>
>>>
>>>
>>>
>>> I am pretty sure I have the correct syntax for subjectAltName in
>>> openssl.cnf.
>>>
>>>
>>>
>>> If I try adding a field in for "planet" it is just ignored.So it seams
&
t;>
>>> FYI, enabling the following line in openssl.cnf has resolved the problem.
>>>
>>>
>>>
>>> copy_extensi
he following line in openssl.cnf has resolved the problem.
copy_extensions = copy
From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com]
Sent: Saturday, September 18, 2010 7:09 PM
To: openssl-users@openssl.org
Subject: RE: Confusion about subject alternative names
Some additional info:
gt;
> copy_extensions = copy
>
>
>
>
>
>
>
> From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com]
> Sent: Saturday, September 18, 2010 7:09 PM
> To: openssl-users@openssl.org
> Subject: RE: Confusion about subject alternative names
>
>
>
FYI, enabling the following line in openssl.cnf has resolved the problem.
copy_extensions = copy
From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com]
Sent: Saturday, September 18, 2010 7:09 PM
To: openssl-users@openssl.org
Subject: RE: Confusion about subject alternative names
ngs like
scheduleing )-If you configure outlook 2007 to use "exchange1" it will
connect to IIS, get the mismatched certificate, and complain.This gets
worse if you have multiple Exchange servers.
Re: Confusion about subject alternative names
Peter Sylves
So it looks like openssl.cnf could optionally automatically copy the e-mail
address to subjectAltName.
-Thanks
From: Gaiseric Vandal [mailto:gaiseric.van...@gmail.com]
Sent: Saturday, September 18, 2010 5:08 PM
To: openssl-users@openssl.org
Subject: Confus
Hi
I am using various version of openssl-0.9.x (including
openssl-0.9.8k-1.fc11.i686 on my linux machine altho the cusotmized
openssl.cnf file is probably inherited from a slightly earlier version.)
When I create a certificate signing request with openssl, I have an option
to specify an Subject A
Since webmail, imap, smtp(s) all operate on different ports, and
you have different listeners, the correct way to me seems to
use three certificates with the desired hostnames etc.
Having the same IP address doesn't matter in this particular case.
___
Hi Gaiseric,
-Original Message-
> From: Gaiseric Vandal
>
>I am using various version of openssl-0.9.x (including
>openssl-0.9.8k-1.fc11.i686 on
> my linux machine altho the cusotmized openssl.cnf file is probably inherited
> from a
> slightly earlier version.)
> When I create a certifi
Hi
I am using various version of openssl-0.9.x (including
openssl-0.9.8k-1.fc11.i686 on my linux machine altho the cusotmized
openssl.cnf file is probably inherited from a slightly earlier version.)
When I create a certificate signing request with openssl, I have an
option to specify an Subj
15 matches
Mail list logo