
Re: Alternate names in certificates



Dave Horsfall <daveh@ci.com.au> writes:

> Now that I've got 2.1.22 more or less working (with my own CA-signed
> certificates), the next obstacle is servers having several names.  For
> example, ldap.example.com/ldap.au.example.com/server.example.com would all
> be the same machine.
>
> I've perused the archives, and found several messages referring to this
> (but in reference to round-robin DNS), but nothing along the lines of
> "this is how you do it".  What I have been able to find implies that a
> single alternate name can be given (and unless I change a lot of things
> over which I have limited control, I need several), but muddling around in
> RFC2830 (section 3.6) reveals that subjectAltName is to be used (if
> present) in preference to the certificate name, thereby defeating the
> purpose of alternate names...
>
> So, how have people done this?  Assume I know nothing about X.509...

Have you tried to edit openssl.cnf to your needs?

-Dieter


-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
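
The openssl.cnf approach asked about in the reply, as an added example that is not part of the original thread: a config section listing all three names from the question as dNSName entries, used to issue a throwaway certificate and read the names back. The file names, the section names `dn`, `v3_req` and `alt_names`, and the self-signed shortcut are assumptions made to keep it self-contained; with your own CA the same subjectAltName section has to be applied when the CA signs.

```sh
#!/bin/sh
# Added example: issue a throwaway self-signed certificate carrying several
# dNSName entries, then read them back. Host names are the ones from the post.

write_cnf() {   # $1 = path of the config file to create
    cat > "$1" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn

[ dn ]
CN = ldap.example.com

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
# List every name clients connect with, including the CN itself.
DNS.1 = ldap.example.com
DNS.2 = ldap.au.example.com
DNS.3 = server.example.com
EOF
}

make_cert() {   # $1 = work directory; writes key.pem and cert.pem there
    write_cnf "$1/san.cnf" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$1/san.cnf" -extensions v3_req \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

list_sans() {   # $1 = certificate file; prints one DNS name per line
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

demo() {        # build the certificate in a temp dir and list its names
    dir=$(mktemp -d) || return 1
    make_cert "$dir" && list_sans "$dir/cert.pem"
    status=$?
    rm -rf "$dir"
    return $status
}

demo
```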