[Date Prev][Date Next] [Chronological] [Thread] [Top]

SSL Cert Question

To: <openldap-software@OpenLDAP.org>
Subject: SSL Cert Question
From: "Jeff Saxton" <jsaxton@addamark.com>
Date: Wed, 11 Aug 2004 11:28:50 -0700
Importance: Normal

Title: Message

I found this:

---- cut here ----

RFC 2830 also specifies a means for additional names to be set in a certificate. This is done using the subjectAltName field which is an X.509v3 extension of the basic certificate. This field can be used to list aliases for a server, shared names in a load-balancing setup, or any other desired purpose. A wildcard can also be used, to allow a single certificate to match all hostnames within a given domain.

In the openssl.cnf file, the syntax for this extension is

subjectAltName=DNS:alias1.domain1,DNS:host2.domain2,DNS:*.domain3

Any number of names may be specified in the comma-separated list

---- cut here ----

at http://www.openldap.org/faq/data/cache/185.html

I have looked in the O'Reilly OpenSSL book but have not been able to figure out where in the openssl.cnf

file to put this entry. I need to do this so I can use something like ldap.mycompany.com and have it point

at a pool of ldap servers for high availability.

Can anyone enlightne me?

Thanks

Jeff Saxton

Follow-Ups:
- Re: SSL Cert Question
  - From: Donn Cave <donn@u.washington.edu>

Prev by Date: Re: ldapmodify hangs on ldif import
Next by Date: Re: ldap backend + ldapi (fwd)
Index(es):
- Chronological
- Thread