On Tue, Feb 14, 2006 at 10:37:09PM +0100, Dr. Stephen Henson wrote:

> On Tue, Feb 14, 2006, Khai Doan wrote:
> 
> > 
> > 
> > I read the manual page you referenced, but the RFC seems to mention dNSName, 
> > and when I try it
> > 
> > subjectAltName = critical,dNSName:*.domain.com
> > 
> > openssl gives me an error, so I am confused.
> > 
> 
> The RFC says dNSName, this is the same as DNS in OpenSSL.
> 

Perhaps a sample working ".conf" file will help:

    [ req ]
    default_bits            = 1024
    default_md              = sha1
    default_keyfile         = newkey.pem
    distinguished_name      = req_distinguished_name
    prompt                  = no
    string_mask             = nombstr
    req_extensions          = v3_req

    [ req_distinguished_name ]
    countryName             = US
    stateOrProvinceName     = New York
    localityName            = New York
    organizationName        = Acme Inc.
    organizationalUnitName  = Wobbly Widget Workshop
    commonName              = www.acme.com
    emailAddress            = [EMAIL PROTECTED]

    [ v3_req ]
    basicConstraints        = CA:FALSE
    keyUsage                = nonRepudiation, digitalSignature, keyEncipherment

    # Some CAs do not yet support subjectAltName in CSRs.
    # Instead the additional names are form entries on web
    # pages where one requests the certificate...
    subjectAltName          = @alt_names

    [ alt_names ]
    DNS.1                   = www.acme.com
    DNS.2                   = www.acme.org
    DNS.3                   = www.acme.net

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
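
An added example, not part of the original post and not OpenSSL code: a small Python check that resolves a subjectAltName setting laid out like the sample file above (including the `@alt_names` indirection) and rejects RFC spellings such as `dNSName` where OpenSSL's config syntax expects `DNS`. The function names and the embedded configs are constructed for illustration, and the reader is a simplified stand-in for OpenSSL's own config parser.

```python
import re

# OpenSSL config short names (x509v3_config) -> RFC 5280 GeneralName choices.
OPENSSL_TO_RFC = {
    "DNS": "dNSName", "IP": "iPAddress", "email": "rfc822Name",
    "URI": "uniformResourceIdentifier", "RID": "registeredID",
    "dirName": "directoryName", "otherName": "otherName",
}
RFC_TO_OPENSSL = {rfc: short for short, rfc in OPENSSL_TO_RFC.items()}

# Constructed sample inputs mirroring the thread (assumed names, not real hosts).
SAMPLE = """\
[ v3_req ]
basicConstraints = CA:FALSE
subjectAltName   = @alt_names   # indirection to a section
[ alt_names ]
DNS.1 = www.acme.com
DNS.2 = www.acme.org
"""
BAD_SAN = "[ v3_req ]\nsubjectAltName = critical,dNSName:*.domain.com\n"

def parse_sections(text):
    """Simplified reader: '[ section ]' headers, 'key = value', '#' comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.append((key, value))
    return sections

def resolve_san(text, ext_section="v3_req"):
    """Return (critical, [(rfc_name, value), ...]) or raise ValueError."""
    sections = parse_sections(text)
    value = dict(sections[ext_section])["subjectAltName"]
    head, _, rest = value.partition(",")
    critical = head.strip() == "critical"
    value = rest.strip() if critical else value
    pairs = (sections[value[1:]] if value.startswith("@") else
             [tuple(p.strip() for p in item.split(":", 1)) for item in value.split(",")])
    names = []
    for key, val in pairs:
        kind = key.split(".", 1)[0]  # "DNS.1" and "DNS.2" are both type "DNS"
        if kind not in OPENSSL_TO_RFC:
            hint = RFC_TO_OPENSSL.get(kind, "one of " + ", ".join(OPENSSL_TO_RFC))
            raise ValueError(f"unsupported name type {kind!r}; use {hint}")
        names.append((OPENSSL_TO_RFC[kind], val))
    return critical, names
```
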
