On Sun, Dec 17, 2006 at 02:25:29PM +0100, Dr. Stephen Henson wrote: > On Sat, Dec 16, 2006, David Newman wrote: > > > For setup of a Postfix box that will serve multiple virtual domains, I > > would like to generate one cert for all hostnames at which this box will > > be able to be reached. > > > > Following an example in a post from Victor Duchovni [0], I configured the > > subjectAltName parameter in openssl.cnf with four hostnames and generated > > a cert. However, I still see only one CN in the resulting cert. > > > > You will only see one CN. CN and subjectAltName are two different things. The > approved way to represent multiple host names is via subjectAltName which will > appear in the extensions list when you display the certificate. > > If you need multiple CNs (which some software may require) then you need to > prompt for multiple CNs.
The OP meant multiple SubjectAlternativeName values in the signed certificate, the extensions are not by default copied into the signed certificate. The "copy_extensions" option described in http://www.openssl.org/docs/apps/ca.html is AFAIK the supported mechanism for importing SubjectAlternativeNames from the request into the certificate. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]