[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and wildcard SSL certs

To: openldap-software@OpenLDAP.org
Subject: Re: OpenLDAP and wildcard SSL certs
From: "Brent J. Nordquist" <b-nordquist@bethel.edu>
Date: Thu, 14 Apr 2005 10:59:33 -0500
Content-disposition: inline
In-reply-to: <200504141133.16070.mwisener@lurhq.com>
References: <20050414143213.GT754@bethel.edu> <200504141133.16070.mwisener@lurhq.com>
User-agent: Mutt/1.4.1i

Thanks for the feedback:

On Thu, Apr 14, 2005 at 11:33:16AM -0400, Mike Wisener wrote:
> Did you verify the subjectAltName was actually added on your signed 
> certificate? openssl x509 -in <cert> -text

Yes, I did.

> As far as I know, CN should be the fully qualified domain
> name. subjectAltName should have the wildcard.

But that defeats the whole purpose. Then you'd have to have one cert.
for each FQDN and then what's the point of using a wildcard at all?
Or am I misunderstanding what you're saying?

-- 
Brent J. Nordquist <b-nordquist@bethel.edu> N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

Follow-Ups:
- Re: OpenLDAP and wildcard SSL certs
  - From: Mike Wisener <mwisener@lurhq.com>
- Re: OpenLDAP and wildcard SSL certs
  - From: Howard Chu <hyc@symas.com>

References:
- OpenLDAP and wildcard SSL certs
  - From: "Brent J. Nordquist" <b-nordquist@bethel.edu>
- Re: OpenLDAP and wildcard SSL certs
  - From: Mike Wisener <mwisener@lurhq.com>

Prev by Date: Re: filter problem
Next by Date: Re: OpenLDAP and wildcard SSL certs
Index(es):
- Chronological
- Thread