[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl, client certificate containing subjectAltName and non UTF-8 chars



manu@netbsd.org (Emmanuel Dreyfus) writes:

> Howard Chu <hyc@symas.com> wrote:
>
>> > http://openssl.org/docs/apps/ca.html#
>> > http://openssl.org/docs/apps/x509v3_config.html#
>> 
>> I should note that these are the same man pages that are bundled in the
>> OpenSSL packages themselves. It seems odd to go to search engines when the
>> info you're looking for is already on your own machine. It seems odd to go
>> to search engines instead of the home web sites of the actual software
>> you're working with...
>
> Well, that documentation (which I already checked) is a good reference
> documentation, but it's a very poor  for learning how to actually do
> things. 

[...]

As we ware talking about X.509, in openssl.cnf you have to declare,
where x509 extensions can be found, in my config file they are in
usr_cert part 

...
x509_extensions = usr_cert
...
[ usr_cert ]
...
subjectAltName=DNS:localhost
...


-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6