>From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills >Sent: Thursday, 11 October, 2012 19:40
Some minor points: >How do you specify the name (URL) of the Web site in Firefox? >Do you use exactly the same name as you use with the test client >(and the name in the certificate)? OP's test client was openssl s_client, which does NOT check hostname, so that one doesn't matter. URL in Firefox/etc and name in cert do. >Firefox is saying the certificate is for myserver but you are >specifying a different name when you open the site. The name >has to be exactly the same as one of the names (including alternates) >in the certificate. (You can wildcard the last node in the alternate >names.) myserver is not the same as myserver.com You can use wildcard in either Subject or SubjectAlternativeNames. The wildcard is the lowest-level component of a DNS name, which is at the left as written; in abstract that might be considered "last" but I think most people wouldn't call it that. <snip earlier> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org