Alex aka Magobin wrote:
I also find this in Sun documentation:

certutil -R ...-CUT-... -a -8 amserv1.example.com,amserv2.example.com

Ok, after reading the document I see that the certutil that comes with FDS supports subjectAltName... so I tried to make a server certificate with this extension but unfortunately it doesn't work; I used the following:

# ../shared/bin/certutil -R -d . -s 'CN=nodo1.domain.example.com -o tmpcertreq -g 1024 -8 ldap.domain.example.com
# ../shared/bin/certutil -C -d . -c "CA Certificate" -i tmpcertreq -o tmpcert.der -m 3 -v 120 -1 -5 -8 ldap.domain.example.com
# ../shared/bin/certutil -A -d . -n "nodo1.domain.example.com" -t u,u,u -i tmpcert.der

...I supposed that it was correct but I'm not sure... I don't find anything about configuring a certificate with the subjectAltName extension. Could someone suggest the right way?

Assuming you already have a CA nicknamed 'cacert' and your database is in the directory named 'foo':
% certutil -R -d foo -s "cn=localhost,dc=example,dc=com" -o tmpcertreq -g 1024
% certutil -C -d foo -c cacert -i tmpcertreq -o tmpcert.der -m 9 -v 12 -1 -5 -8 foo.example.com
% certutil -A -d foo -n Alt-Cert -t u,u,u -i tmpcert.der
% certutil -L -d foo -n Alt-Cert
% rm -f tmpcert.der tmpcertreq
-- Cut --
Signed Extensions:
Name: Certificate Subject Alt Name
Data: Sequence {
[1]
foo.example.com
}
Name: Certificate Type
Data: <SSL Server>
-- Cut --
rob
-- Fedora-directory-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
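
Added example, not part of the original thread or of the NSS/FDS tooling: a shell check that reads a `certutil -L` listing in the layout quoted in the reply above and reports which expected host names are absent from the Subject Alt Name extension. The function names and the sample listing are constructed here, and the parser assumes that layout; other certutil versions may print the extension differently.

```shell
# Constructed sample: the "Signed Extensions" part of
# `certutil -L -d foo -n Alt-Cert`, in the layout quoted in the reply.
sample_listing() {
cat <<'EOF'
Signed Extensions:
Name: Certificate Subject Alt Name
Data: Sequence {
[1]
foo.example.com
}
Name: Certificate Type
Data: <SSL Server>
EOF
}

# san_names (hypothetical helper): read a listing on stdin and print one
# Subject Alt Name entry per line, lower-cased.
san_names() {
    awk '
        /Name:[ \t]*Certificate Subject Alt Name/ { in_san = 1; next }
        in_san && /Name:/ { in_san = 0 }   # the next extension begins here
        in_san {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            # Skip structure lines: "Data: Sequence {", "[1]", "}"
            if (line == "" || line ~ /^Data:/ || line ~ /^\[[0-9]+\]$/ || line == "}") next
            print tolower(line)
        }
    '
}

# san_missing (hypothetical helper): print every expected host name given as
# an argument that the listing on stdin does NOT carry as a SAN entry.
# Real use: certutil -L -d foo -n Alt-Cert | san_missing foo.example.com
san_missing() {
    names=$(san_names)
    for host in "$@"; do
        want=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        printf '%s\n' "$names" | grep -qxF "$want" || printf '%s\n' "$host"
    done
}
```

Empty output from `san_missing` means every name passed on the command line is covered by the certificate.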
