On Tue, Sep 18, 2007 at 01:46:42PM -0500, Murphy, David F wrote:

Exchange 2007 certificates and the autodiscovery functions:
According to this Microsoft article:
http://msexchangeteam.com/archive/2007/07/02/445698.aspx a
certificate with Subject Alternative Names (SAN) is the recommended
method to purpose the use of the 'autodiscovery feature'.
For example, I need to add the following three DNS names using the SAN
extensions:
exchangemail.mysite.com
mysite.com
autodiscover.mysite.com

Has anyone out there done this already?  If so, would you please share
the openssl.cnf that you used and the commands you executed to utilize
the configuration file?

Config file:

    [ req ]
    default_bits            = 1024
    default_md              = sha1
    default_keyfile         = key.pem
    distinguished_name      = req_distinguished_name
    prompt                  = no
    string_mask             = nombstr
    req_extensions          = v3_req

    [ req_distinguished_name ]
    countryName             = US
    stateOrProvinceName     = New York
    localityName            = New York
    organizationName        = Acme Inc
    organizationalUnitName  = IT insecurity
    commonName              = www.example.com
    emailAddress            = [EMAIL PROTECTED]

    [ v3_req ]
    basicConstraints        = CA:FALSE
    keyUsage                = nonRepudiation, digitalSignature, keyEncipherment

    # Verisign managed PKI does not yet support subjectAltName in CSRs, instead
    # they prompt for these in the enrollment form...
    # If your CA supports SAN CSRs, uncomment below.
    subjectAltName          = @alt_names

    [ alt_names ]
    DNS.1 = www.example.com
    DNS.2 = 0wn3d.example.com

Generate the CSR:

    (umask 077; openssl genrsa -out key.pem 1024)
    openssl req -config conf.cnf -new -key key.pem -out req.pem

--
        Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
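
The procedure above applied to the three names from the question, followed by a check that the finished CSR really carries each name in its subjectAltName extension. This is an added example, not part of the original thread. The function names, the trimmed-down DN, and the use of RSA-2048 with SHA-256 (which current CAs require in place of the 1024-bit/SHA-1 values shown in the post) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: a DN trimmed to
# commonName, RSA-2048 and SHA-256 in place of the post's 1024-bit/SHA-1.

# make_san_csr DIR NAME...  writes DIR/conf.cnf, DIR/key.pem and DIR/req.pem
make_san_csr() {
    dir=$1; shift
    {
        cat <<EOF
[ req ]
default_md         = sha256
distinguished_name = req_distinguished_name
prompt             = no
req_extensions     = v3_req

[ req_distinguished_name ]
commonName         = $1

[ v3_req ]
basicConstraints   = CA:FALSE
keyUsage           = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName     = @alt_names

[ alt_names ]
EOF
        i=1
        for name in "$@"; do          # one DNS.n line per requested name
            echo "DNS.$i = $name"
            i=$((i + 1))
        done
    } > "$dir/conf.cnf"
    (umask 077; openssl genrsa -out "$dir/key.pem" 2048) &&
        openssl req -config "$dir/conf.cnf" -new -key "$dir/key.pem" -out "$dir/req.pem"
}

# csr_has_san CSR NAME  succeeds only if NAME is a DNS entry in the CSR's SAN
csr_has_san() {
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# Demo with the three names from the question, in a throwaway directory.
demo_dir=$(mktemp -d)
make_san_csr "$demo_dir" exchangemail.mysite.com mysite.com autodiscover.mysite.com
for n in exchangemail.mysite.com mysite.com autodiscover.mysite.com; do
    csr_has_san "$demo_dir/req.pem" "$n" && echo "SAN present: $n"
done
rm -rf "$demo_dir"
```

Running the same `csr_has_san` check against the certificate the CA returns (with `openssl x509` in place of `openssl req`) confirms the names survived issuance, since a CA may drop or replace requested extensions.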
