RE: Adding aliases in SSL/TLS certificate (Was: ldapsearch TLS error)
Please read RFC 2830. You use the subjectAltName X.509v3 extension
specifying
subjectAltName=dnsName:host1.domain1,dnsName:host2.domain2,dnsName:*.domain3
etc. Perhaps it's time for a FAQ-o-matic entry on this topic, it's certainly
come up (and been answered!) on this list a few times already...
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Turbo
> Fredriksson
> Sent: Thursday, April 18, 2002 11:28 PM
> To: openldap-software@OpenLDAP.org
> Subject: Adding aliases in SSL/TLS certificate (Was: ldapsearch TLS
> error)
>
>
> >>>>> "Howard" == Howard Chu <hyc@highlandsun.com> writes:
>
> Howard> The hostname specified by the ldap client must exactly
> Howard> match the hostname in the server's certificate. You can
> Howard> add aliases (with wildcards) in a cert for a server that
> Howard> is multi-homed or other reasons, but one of the names must
> Howard> match the name that the client used.
>
> How exactly is this done? Is it possible to say
>
> Common Name (eg, YOUR name) []:egeria.bayour.com,
> somename.otherdomain, localhost
>
> when creating the certificate?
>
> http://www.bayour.com/LDAPv3-HOWTO.html#3.1.4.Creating SSL
> certificate|outline
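
One way to produce a certificate with the aliases described in the reply, using the OpenSSL command line (an added example, not part of the original thread). The `DNS:` prefix is how OpenSSL's configuration syntax spells the dNSName type; the file names, the `v3_server` section name and the helper functions are assumptions, and the hostnames are the placeholders from the reply.

```shell
#!/bin/sh
# Added example: self-signed test certificate carrying several dNSName aliases.
# File names and function names are assumptions made for this illustration.

# make_san_cert DIR -> writes DIR/san.cnf, DIR/server.key and DIR/server.crt
make_san_cert() {
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_server
prompt             = no

[ dn ]
CN = host1.domain1

[ v3_server ]
# Every name a client may use to reach the server goes here, not in the CN.
subjectAltName = DNS:host1.domain1, DNS:host2.domain2, DNS:*.domain3
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/san.cnf" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
}

# cert_sans CERT -> prints one dNSName per line, as stored in the certificate
cert_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -e 's/^ *//' -e 's/^DNS://'
}

# cert_has_name CERT NAME -> exit 0 if NAME is listed verbatim (case-insensitive).
# This checks the listing only; it does not expand wildcard entries.
cert_has_name() {
    cert_sans "$1" | grep -qixF -- "$2"
}

# Demo: build the certificate in a scratch directory and list its names.
demo_dir=$(mktemp -d)
make_san_cert "$demo_dir" && cert_sans "$demo_dir/server.crt"
rm -rf "$demo_dir"
```

Running `cert_has_name` against a deployed certificate before pointing clients at a new alias shows whether the name the client will use is actually present in the extension.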