Re: Multi-homed machine and TLS
Hi,
Imobach González Sosa <igonzalez@becarios.ulpgc.es> writes:
> El Miércoles, 15 de Septiembre de 2004 12:44, Dieter Kluenter escribió:
>> It does work! My Server has the FQDN marin.l4b.de and the CNAME
>> ldap.l4b.de and kerberos.l4b.de, the client certificate contains the
>> subjectAltName=DNS: ldap.l4b.de localhost
>> A search on host ldap.4b.de is successful
[...]
> Right, thank you. However, I don't know what to check ;) I mean that my
> certificate (I tested several) have a subjectAltName and a commonName... and
> always read the CN. Any particular value in commonName?
openssl x509 -in hostcert.pem -text
should show something like
,----[ certificate text ]
| Validity
| Not Before: Aug 12 09:50:42 2004 GMT
| Not After : Feb 2 09:50:42 2010 GMT
| Subject: C=DE, L=Hamburg,O=AVCI, OU=Administration,CN=marin.l4b.de
| Subject Public Key Info:
| Public Key Algorithm: rsaEncryption
| RSA Public Key: (1024 bit)
| Modulus (1024 bit):
| [...]
| X509v3 Subject Alternative Name:
| DNS:ldap.l4b.de
`----
Now, in what part of openssl.cnf did you put the subjectAltName?
It should be within the [ usr_cert ] part.
Is the alternate hostname resolvable by the resolver?
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8C183C8622115328
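
The check described in the message above, as an added example that is not part of the original post: a throwaway CA signs a host certificate whose `[ usr_cert ]` section carries the subjectAltName, and the result is read back with `openssl x509 -text`. The CA name, the file names other than hostcert.pem, the key size and the validity are assumptions; `-checkhost` applies OpenSSL's own name matching, which is not necessarily what the LDAP client library does.

```shell
#!/bin/sh
# Added example: every key, CA and file here is constructed and throwaway.

# Build a host certificate in directory $1 with CN=$2 and one SAN DNS entry $3.
make_host_cert() {
    dir=$1 cn=$2 alt=$3
    # Extension section named as in the thread; normally it lives in openssl.cnf.
    printf '[ usr_cert ]\nsubjectAltName = DNS:%s\n' "$alt" > "$dir/ext.cnf"
    # Throwaway self-signed CA (hypothetical name).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    # Host key and certificate request.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
        -keyout "$dir/host.key" -out "$dir/host.csr" 2>/dev/null
    # Sign the request, pulling extensions from the usr_cert section.
    openssl x509 -req -in "$dir/host.csr" -days 1 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/ext.cnf" -extensions usr_cert \
        -out "$dir/hostcert.pem" 2>/dev/null
}

# Print the line that follows "X509v3 Subject Alternative Name:" in the text dump.
san_entries() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Succeed if OpenSSL's host name check accepts name $2 for certificate $1.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

workdir=$(mktemp -d)
make_host_cert "$workdir" marin.l4b.de ldap.l4b.de
echo "SAN: $(san_entries "$workdir/hostcert.pem")"
for h in ldap.l4b.de marin.l4b.de; do
    if host_matches "$workdir/hostcert.pem" "$h"; then
        echo "$h: match"
    else
        echo "$h: NO match"
    fi
done
rm -rf "$workdir"
```

With a DNS entry present in subjectAltName, OpenSSL's check does not fall back to the CN, so every name a multi-homed server is reached by has to be listed there.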