Emmanuel BILLOT wrote:
[email protected] wrote:
Wildcard certificates may still work.
Netscape unfortunately yanked their pages on the subject so my legacy Bookmarks can't help you. I'm not sure if the CMS is able to create them; however, the page I remember related to the Netscape Enterprise (read: Web) server.
However, I have found a reference: https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html

OK, found how to check my CSR:

# openssl req -text -noout -in cert.csr
Certificate Request:
   Data:
       Version: 0 (0x0)
       Subject: C=FR, L=toutou, O=IRD, OU=DSI, CN=gaia.toutou.fr
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
           RSA Public Key: (1024 bit)
               Modulus (1024 bit):
                   00:b6:c2:60:30:e0:52:bc:49:52:72:c7:16:68:b3:
                   66:3f:34:4b:7a:cf:3b:da:58:07:e1:10:ec:14:8b:
                   42:10:89:f1:b7:53:fd:7a:cb:9e:b6:de:bb:61:13:
                   16:11:91:be:49:c1:75:50:22:40:25:a8:ae:bd:3a:
                   7b:75:90:2f:1c:33:57:ca:f0:c8:01:c9:0d:8b:56:
                   80:6e:c1:46:9f:b4:dc:e4:9b:1f:bd:31:be:c9:1d:
                   bf:63:d9:05:14:5a:bf:6e:f5:31:64:6c:14:c0:27:
                   ae:7e:0f:7c:fa:e0:5c:f5:c2:4a:a2:ef:a9:f2:22:
                   f7:7a:27:0a:63:c6:4f:27:75
               Exponent: 65537 (0x10001)
       Attributes:
       Requested Extensions:
           X509v3 Subject Alternative Name:
               DNS:waren.toutou.fr
   Signature Algorithm: sha1WithRSAEncryption
       6b:9f:cd:9c:06:4b:68:c0:8b:95:93:ca:b6:8d:da:be:64:84:
       0d:9d:03:8e:50:0b:0f:07:d7:0f:8a:8f:0f:11:d4:09:de:59:
       32:dd:95:6a:c0:30:0d:a9:d2:71:76:d7:b6:c0:8f:57:03:fb:
       be:0f:e3:62:16:e2:39:1f:9c:15:f0:84:ba:6a:57:f7:a8:9b:
       e4:5a:60:3e:b5:b7:a3:79:ca:11:e0:95:50:fd:ee:56:e2:05:
       df:8d:ac:0e:f5:e3:31:a7:ea:d3:6e:7a:57:e7:67:fd:11:94:
       58:72:cb:ee:f2:64:89:82:e2:b5:a9:8a:ea:a6:b7:1f:b7:84:
       2c:60

So it seems that the CA does not recognize the DNS x509_v3 option.

How can I know it?
Actually, the CA does not recognize the DNS x509_v3 option. I had to use the

copy_extensions = copy

option in the openssl.cnf to activate it.
Now I can use multiple hostname certs with FDS.

--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================

--
Fedora-directory-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-directory-users
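
The behaviour described in the message above, reproduced as an added example that is not part of the original thread: a throwaway CA signs one CSR twice, first with `copy_extensions = none` and then with `copy_extensions = copy`, and the SAN of each issued certificate is printed. The CA name, the `*.example.test` hostnames and all file names are constructed for the demo; it assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: a throwaway CA signs the same CSR twice, once with
# copy_extensions = none and once with copy_extensions = copy.
# Demo CA, *.example.test and every file name here are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Write a minimal CA config whose only variable is the copy_extensions value ($1).
ca_config() {
  printf '%s\n' '[ca]' 'default_ca = demo' '[demo]' \
    'database = index.txt' 'serial = serial' 'new_certs_dir = newcerts' \
    'certificate = ca.crt' 'private_key = ca.key' 'default_md = sha256' \
    'default_days = 1' 'unique_subject = no' 'policy = pol' \
    "copy_extensions = $1" '[pol]' 'commonName = supplied' > "ca_$1.cnf"
}

# Print the SAN entries of a certificate, or nothing if the extension is absent.
san_of() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | grep 'DNS:' | tr -d ' ' || true
}

# Create the CA and the CSR on first use, sign with mode $1, print the issued SAN.
issue() {
  ( cd "$WORK"
    if [ ! -f ca.crt ]; then
      mkdir newcerts; : > index.txt; echo 01 > serial
      printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        'req_extensions = ext' '[dn]' 'CN = gaia.example.test' \
        '[ext]' 'subjectAltName = DNS:waren.example.test' > req.cnf
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config req.cnf \
        -subj '/CN=Demo CA' -keyout ca.key -out ca.crt 2>/dev/null
      openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
        -keyout srv.key -out srv.csr 2>/dev/null
    fi
    ca_config "$1"
    openssl ca -batch -config "ca_$1.cnf" -in srv.csr \
      -out "srv_$1.crt" 2>/dev/null
    san_of "srv_$1.crt" )
}

echo "copy_extensions=none -> SAN: '$(issue none)'"
echo "copy_extensions=copy -> SAN: '$(issue copy)'"
```

`copy` copies every extension in the request that the CA configuration does not already set, not only subjectAltName, so inspect each CSR with `openssl req -text -noout` before signing it.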
