Lee Colclough wrote:
> Hi,

Hello Lee,

> I have created a client/server app that talks via SOAP using SSL.
>
> Generating the certificates is fine provided the commonName is just for
> the machine on which a particular server is running. I would like to
> generate a certificate that works for all copies of my server
> application on that domain.

For that you have to store the host names in the subjectAltName
extension of the certificate. Either you can do that with a cert section
like

-----BEGIN CONFIG SNIPPET-----
[ server_cert ]
basicConstraints=critical,CA:FALSE
nsCertType = server
...
subjectAltName=DNS:hostname1.domainname.top,DNS:hostname2.domainname.top
-----END CONFIG SNIPPET-----

and you generate a request without a commonName, or you can install my patch
(ticket #1052 in the request tracker), generate a request with 2
commonNames and generate the cert with

-----BEGIN CONFIG SNIPPET-----
[ req_server_name ]
## for the generated request
...
0.commonName = Common Name (hostname)
0.commonName_default = Hostname1.DomainName.local
0.commonName_max = 64
1.commonName = Common Name (hostname)
1.commonName_default = Hostname2.DomainName.local
1.commonName_max = 64

[ cert_server ]
basicConstraints=critical,CA:FALSE
nsCertType = server
...
subjectAltName=email:move,DNS:copy.commonName
-----END CONFIG SNIPPET-----

If you want your server cert signed by a public CA, please contact the CA.

Bye

Goetz

-- 
DMCA: The greed of the few outweighs the freedom of the many
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
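
The first option in the reply above (host names only in subjectAltName, request without a commonName), worked end to end as an added example that is not part of the original message. It assumes OpenSSL 1.0.2 or later on PATH and self-signs the certificate instead of using a CA so it runs stand-alone; the file names, the organizationName value and the helper names `make_san_cert` and `cert_matches_host` are constructed for illustration.

```shell
#!/bin/sh
# Added example: issue a test certificate whose host names are carried only in
# subjectAltName, then check which host names the certificate covers.

make_san_cert() {   # usage: make_san_cert DIR HOST1 HOST2
  dir=$1; host1=$2; host2=$3
  cat > "$dir/server.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = req_dn

[ req_dn ]
# Deliberately no commonName: the names live only in subjectAltName.
organizationName = Example Org

[ server_cert ]
basicConstraints = critical,CA:FALSE
nsCertType       = server
subjectAltName   = DNS:$host1,DNS:$host2
EOF
  # Key and request; the subject carries no commonName at all.
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/server.cnf" \
    -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1 || return 1
  # Self-sign (assumption: no CA at hand), applying the [ server_cert ] section.
  openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" -days 30 \
    -extfile "$dir/server.cnf" -extensions server_cert \
    -out "$dir/server.crt" >/dev/null 2>&1 || return 1
}

cert_matches_host() {   # usage: cert_matches_host CERT HOST; status 0 on match
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
    grep -q "does match certificate"
}

# Demo run with the host names from the config snippet, plus one name that
# is not listed (constructed) to show the negative case.
workdir=$(mktemp -d)
make_san_cert "$workdir" hostname1.domainname.top hostname2.domainname.top
for h in hostname1.domainname.top hostname2.domainname.top other.domainname.top; do
  if cert_matches_host "$workdir/server.crt" "$h"; then
    echo "$h: covered"
  else
    echo "$h: not covered"
  fi
done
rm -rf "$workdir"
```

A client that validates host names accepts this certificate for either listed name even though the subject has no commonName; any name missing from the list is rejected.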