> > Another thing is the subject alternative name. > > I'm not sure, if this what I do is ok. But it works. > > When you create a "inital ra certificate", this means a web server cert > > for your ra, you will find the menu "edit the request". Here I change the > > subject alternative name from > > email:[EMAIL PROTECTED] > > to > > DNS:www.myorg.com,email:[EMAIL PROTECTED] > > or whatever your dns name is. You need to write DNS in upper letters. > > This is conform to the RFCs but until Mozilla 1.0 (I think 1.1 support > subjectAltName) Netscape ignores the subject alternative name. Netscape > 4.7x only checks the common name, so you must use at every time > https://192.168.1.1/. Any DNS-name doesn't work (incl. localhost). > > Netscape uses something like regular expression in the first common > name. Please see the OpenCA-guide how to build a certificate for > Netscape and IE.
I use the following Common name: www.myorg.com and the subject alternative name: DNS:www.myorg.com,email:[EMAIL PROTECTED] And netscape 4.79, Mozilla 1.1b and IE6.0 can call the https://www.myorg.com page. I get only problems, when I sign the request. But this I think is a problem with Javasacript method window.crypto respectivly VBS. I guess that microsoft has change the design from IE5.5 to IE6.0. When I use IE6.0 on a W2K-Server, I got a popup: Please register capicom.dll. That is only possible when you install microsofts certificate server. The error message from IE6.0 on W2k professional (workstation) is find in apache error-log: ----------------------------------------------------------------- General Error Trapped 6755: Error while opening /home/openca/OpenCA/var/crypto/certs/05.pem. OpenCA::X509 returns errorcode 7411021 (OpenCA::X509->new: Cannot initialize certificate (7412011) OpenCA::X509->initCert: No certificate present.). at /home/openca/OpenCA/lib/functions/misc-utils.lib line 38. Compilation failed in require at /home/openca/apache/cgi-bin/ca/ca line 194. ------------------------------------------------------------------------ It may be better to invite Mozilla to set up Javasacript method window.crypto than to try to get opencas VBS part to run for IE6.0. But I'm realy not shure. Greetings Harald -- Dr. Harald Wallus Results GmbH Am Listholze 78, D-30177 Hannover Tel: +49(0)511 90 95 1-23 Fax: +49(0)511 90 95 = 1-90 Email: [EMAIL PROTECTED] Internet: http://www.results-hannover.de ------------------------------------------------------- This SF.NET email is sponsored by: AMD - Your access to the experts on Hammer Technology! Open Source & Linux Developers, register now for the AMD Developer Symposium. Code: EX8664 http://www.developwithamd.com/developerlab _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
