Similar question for
certs with SANs - does it consider the alternative names in the selection
process?
I don't know what SANs is.
Lukas already answered my base question, but:
SAN = Subject Alternative Name
example:
[root@cups-p1 ssl]# openssl x509 -in httpd.crt -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:d0:63:3b:2e:48:fd:42:5f:34:b9:c0:32:93:22:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=MI, L=Ann Arbor, O=Internet2, OU=InCommon, CN=InCommon
RSA Server CA
Validity
Not Before: Nov 6 00:00:00 2014 GMT
Not After : Nov 5 23:59:59 2017 GMT
Subject: C=US/postalCode=65401, ST=Missouri, L=Rolla/street=104CS Building/street=Information Technology,
O=University of Missouri, OU=MST, CN=printer.mst.edu
.....
.....
X509v3 Subject Alternative Name:
DNS:printer.mst.edu, DNS:*.cups.mst.edu, DNS:*.ipp.mst.edu, DNS:*.printer.mst.edu,
DNS:cups-p1.srv.mst.edu, DNS:cups-p2.srv.mst.edu, DNS:ipp.mst.edu
...
...
Thank you!
-- Nathan
------------------------------------------------------------
Nathan Neulinger nn...@neulinger.org
Neulinger Consulting (573) 612-1412