RE: Adding aliases in SSL/TLS certificate (Was: ldapsearch TLS error)



Please read RFC 2830. You use the subjectAltName X.509v3 extension
specifying
subjectAltname=dnsName:host1.domain1,dnsName:host2.domain2,dnsName:*.domain3
etc. Perhaps it's time for a FAQ-o-matic entry on this topic, it's certainly
come up (and been answered!) on this list a few times already...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Turbo
> Fredriksson
> Sent: Thursday, April 18, 2002 11:28 PM
> To: openldap-software@OpenLDAP.org
> Subject: Adding aliases in SSL/TLS certificate (Was: ldapsearch TLS
> error)
>
>
> >>>>> "Howard" == Howard Chu <hyc@highlandsun.com> writes:
>
>     Howard> The  hostname specified  by the  ldap client  must exactly
>     Howard> match the  hostname in  the server's certificate.  You can
>     Howard> add aliases (with  wildcards) in a cert for  a server that
>     Howard> is multi-homed or other reasons, but one of the names must
>     Howard> match the name that the client used.
>
> How exactly is this done? Is it possible to say
>
>         Common Name (eg, YOUR name) []:egeria.bayour.com,
> somename.otherdomain, localhost
>
> when creating the certificate?
>
> http://www.bayour.com/LDAPv3-HOWTO.html#3.1.4.Creating SSL
> certificate|outline
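
A simplified model of the client-side name check discussed in this thread (RFC 2830, section 3.6), as an added example that is not part of the original messages or of OpenLDAP's code. It shows why a comma-separated list typed into the Common Name matches none of the names, while separate subjectAltName dNSName entries do. The `example.*` hostnames are constructed, and both the CN fallback when no dNSName is present and the dNSName-takes-precedence rule are assumptions of this sketch.

```python
# Simplified model of the RFC 2830 section 3.6 server identity check.
# Not OpenLDAP's implementation; example.* hostnames are constructed samples.

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive compare; '*' may only stand for the whole left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # The wildcard covers exactly one label: *.example.net matches
        # ldap1.example.net, but not example.net or a.b.example.net.
        return len(p) > 1 and p[1:] == h[1:]
    return p == h


def server_identity_ok(client_host, san_dns_names, common_name=None):
    """True if the name the client connected to is one the certificate carries."""
    if san_dns_names:
        # Assumption of this sketch: when dNSName entries exist they are the
        # only source of identity; a match on any one of them is enough.
        return any(name_matches(n, client_host) for n in san_dns_names)
    # Assumption: with no dNSName entries, the CN is compared as ONE name.
    return common_name is not None and name_matches(common_name, client_host)


# Constructed alias list, one dNSName entry per name.
SAN = ["host1.example.com", "host2.example.org", "*.example.net"]
# The Common Name value proposed in the question, taken as a single string.
LISTED_CN = "egeria.bayour.com, somename.otherdomain, localhost"

if __name__ == "__main__":
    for host in ("host1.example.com", "ldap1.example.net", "example.net"):
        print(host, "via SAN ->", server_identity_ok(host, SAN))
    for host in ("egeria.bayour.com", "localhost"):
        print(host, "via listed CN ->", server_identity_ok(host, [], LISTED_CN))
```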