> -----Original Message----- > From: Vieri > > --- On Tue, 6/1/10, Dave Thompson wrote: > > > CN doesn't need to be hostname or domainname for a CA > > cert. > > Technically not required on entity cert either, but on WWW > > most parties do want/like entity's CN to be domainname. > > How does one issue a cert for multiple CN? > Suppose I have just one HTTP server but it can be accessed > via multiple FQDN... I suppose I need to use subjectAltName?
Subject alternative name is one possibility. If you need a cert for several hosts/hostnames belonging to the same domain, a wildcard CN comes to mind as well, eg. "*.domain.com". HTH, Patrick Eisenacher ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org