[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Subject Alternative Name in TLS - does this work?

To: Christian Kratzer <ck@cksoft.de>
Subject: Re: Subject Alternative Name in TLS - does this work?
From: lejeczek <peljasz@yahoo.co.uk>
Date: Mon, 21 Oct 2013 10:27:05 +0100
Cc: Christian Kratzer <ck-lists@cksoft.de>, openldap-technical@openldap.org
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s1024; t=1382347625; bh=DbxZQELTmG9eCtqc2qe/R9N+RjX8Qqiem+R4Fq6GVUs=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=avxwbbS+Ya1aLCncFoccZV0t9G+ovztef+q/wC2w8yaWNhLtGH7rVttE6n7IlXQdOx78GevlsOmgq54SBW4iIv9hYN72cOu9Kvh4KR8g8QOEhSCHFoo/t1QOX0WZy2oyik1NBvd4NdYENy52hcUqXQrqql1zUr7EgNRslVgp8X0=
In-reply-to: <alpine.BSF.2.00.1310211059040.88246@pohjola.cksoft.de>
References: <52600718.4000807@yahoo.co.uk> <alpine.BSF.2.00.1310181134000.88246@pohjola.cksoft.de> <52610CB7.9080800@yahoo.co.uk> <alpine.BSF.2.00.1310181254500.88246@pohjola.cksoft.de> <526137FB.90408@yahoo.co.uk> <alpine.BSF.2.00.1310181533530.88246@pohjola.cksoft.de> <5264E79B.7050300@yahoo.co.uk> <alpine.BSF.2.00.1310211059040.88246@pohjola.cksoft.de>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8

that was me, the way I tried to sing certificate were...incorrect


apologies and great and many thanks to everybody

I can now ldapsearch on both slapd.domain.local andslap.domain.external with -ZZZ, all good (only cannotconfirm if CN has to be repeated in subjectAltName as perOlo's tip, currently it IS repeatedin my cert)last bit is WPMU Ldap Auth on Wordpress 3.6.1 which issomehow not working :) hmm..


regards

On 10/21/2013 10:06 AM, Christian Kratzer wrote:

Hi,

On Mon, 21 Oct 2013, lejeczek wrote:
ok, above doesn't get me much more than what was in mycommand line but still no! subjectAltNames,I had a similar thought to what Quanah suggested butfirst, before I try different ssl toolchain I shallassume it is me messing thing up.I definitively have subjectAltNames in my request, the Isign:
Do you have them in the resulting request or certificateor do you have them ?
If you do have them then you should see them in theresulting request or certificate file.
openssl x509 -req -extensions v3_req -days 365 -in ....-signkey ... -out ...
where is the problem?
where are you specifying the actual subjectAltNames ?
I use following in the specific openssl.cnf I use forsigning.
  [ v3_req ]
  subjectAltName = $ENV::ALTNAME
I then supply the subjectAltnames and the COMMONNAME usingthe environment:
env COMMONNAME=$fqdn ALTNAME=$subjectAltName openssl req-new -nodes -keyout $CERTDIR/$name.key -out$CERTDIR/$name.csr -config $CONFIG
Greetings
Christian

Follow-Ups:
- Re: Subject Alternative Name in TLS - does this work?
  - From: Howard Chu <hyc@symas.com>

References:
- Subject Alternative Name in TLS - does this work?
  - From: lejeczek <peljasz@yahoo.co.uk>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>
- Re: Subject Alternative Name in TLS - does this work?
  - From: lejeczek <peljasz@yahoo.co.uk>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>
- Re: Subject Alternative Name in TLS - does this work?
  - From: lejeczek <peljasz@yahoo.co.uk>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>
- Re: Subject Alternative Name in TLS - does this work?
  - From: lejeczek <peljasz@yahoo.co.uk>
- Re: Subject Alternative Name in TLS - does this work?
  - From: Christian Kratzer <ck-lists@cksoft.de>

Prev by Date: Re: Subject Alternative Name in TLS - does this work?
Next by Date: Re: Subject Alternative Name in TLS - does this work?
Index(es):
- Chronological
- Thread