I generated the ssl request, I signed it in my CA (openssl) and uploaded signed certificate back to device. I generated also ca.der and uploaded it to my Internet browser. When I trying open ilo my browser give a warning about a mismatched hostname.
I'm accessing this device via IP address. I don't want add this addresses to my DNS. In certificate request was: CN = some-iLO-2-Subsystem-Name OU = ISS O = Hewlett-Packard Development Company ST = Texas C = US In my CA certificate, witch I used to sign the request I've got: CN = in...@mycompany.com C = US ST = MyState L = myCity E = in...@mycompany.com OU = Infrastructure O = MyCompany SP zoo What should I do to connect to ilo without any warnings? To create my own CA i used: openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf To sign my certificate request i used: openssl ca -notext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem My OpenSSL configuration file: # # Establish working directory. dir = /etc/ssl [ ca ] default_ca = CA_default [ CA_default ] serial = $dir/serial database = $dir/index.txt new_certs_dir = $dir/certs certificate = $dir/cacert.pem private_key = $dir/private/cakey.pem default_days = 3650 default_md = md5 preserve = no email_in_dn = no nameopt = default_ca certopt = default_ca policy = policy_match [ policy_match ] countryName = optional stateOrProvinceName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional [ req ] default_bits = 1024 # Size of keys default_keyfile = key.pem # name of generated keys default_md = md5 # message digest algorithm string_mask = nombstr # permitted characters distinguished_name = req_distinguished_name req_extensions = v3_req [ req_distinguished_name ] # Variable name Prompt string #------------------------- ---------------------------------- 0.organizationName = Organization Name (company) organizationalUnitName = Organizational Unit Name (department, division) emailAddress = Email Address emailAddress_max = 40 localityName = Locality Name (city, district) stateOrProvinceName = State or Province Name (full name) countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 commonName = Common Name (hostname, IP, or your name) commonName_max = 64 # Default values for the above, for consistency and less typing. # Variable name Value #------------------------ ------------------------------ 0.organizationName_default = My Company localityName_default = My Town stateOrProvinceName_default = State or Providence countryName_default = US [ v3_ca ] basicConstraints = CA:TRUE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer:always [ v3_req ] basicConstraints = CA:FALSE subjectKeyIdentifier = hash Can anyone help me? -- View this message in context: http://old.nabble.com/Why-does-my-browser-give-a-warning-about-a-mismatched-hostname-tp29237337p29237337.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
