subjectAltName does not seem to work with the pkg command.
I tried with
subjectAltName = IP:<ip address>
in the openssl conf file to create the certificate

Also tried
subjectAltName_default = IP:<ip address>

Both these in combination with ServerAlias <ipaddress> for the Virtual Host and without the alias as well. It always generates Framework error: code: 51 reason: SSL: certificate subject name '<hostname>' does not match target host name '<ip address>'

thanks
- Amol



On 09/16/11 13:18, Erik Trauschke wrote:
On Fri, 2011-09-16 at 13:04 -0700, Amol Chiplunkar wrote:
Any inputs on this ?

What you are asking for is that you have one certificate which works for
all domain names, which kinda defeats the point of having a secure
infrastructure.

If your server can be accessed by different domain names you'll have to
specify them in the subjectAltName field of the cert:
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_

I think you asked that before and I told you the same thing back then.

Erik

On 9/15/2011 1:44 PM, Amol Chiplunkar wrote:
Hi,

This is regarding an IPS repo behind a reverse proxy that opens only the secure http port. Based on the suggestions on a previous thread, I successfully configured an apache web server instance as a reverse proxy. The hostname on which apache is running, is used as the CommonName
to generate the cert.

The cert is added to the truststore of the pkg command.
And pkg command can successfully use it as the https based publisher.

However, it fails to communicate if it uses anything other than the hostname
in the publisher URL.
i.e. an FQDN or an IP address.

Is there a way for pkg command to not do the common name check ?
Or is there a way around this, so that hostname, FQDN, host aliases, ip addresses
can be used in the URL ?

thanks
- Amol

_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
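
An added example, not part of the original thread: one way to put a hostname, an FQDN and an IP address into the subjectAltName of a self-signed certificate from an OpenSSL config file, and to confirm the extension really ended up in the certificate before adding it to a trust store. The names `repo` and `repo.example.com`, the address `192.0.2.10`, the file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. repo, repo.example.com and 192.0.2.10 are constructed values.

# make_san_cert DIR: write a config and create a self-signed cert from it.
# subjectAltName is only applied when it sits in the section that [req]
# names through x509_extensions; elsewhere in the file it is ignored.
make_san_cert() {
    cat > "$1/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ext
prompt             = no

[dn]
CN = repo

[v3_ext]
subjectAltName = DNS:repo, DNS:repo.example.com, IP:192.0.2.10
EOF
    openssl req -x509 -new -nodes -newkey rsa:2048 -days 30 \
        -config "$1/san.cnf" \
        -keyout "$1/repo.key" -out "$1/repo.crt" 2>/dev/null
}

# list_sans CERT: print each SAN entry on its own line, e.g.
# "DNS:repo" or "IP Address:192.0.2.10". Prints nothing if there is no SAN.
list_sans() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

# cert_covers CERT NAME: succeed only if NAME is listed exactly in the SAN.
# Digits and dots are treated as an IPv4 address; IPv6 and wildcards are not handled.
cert_covers() {
    case $2 in
        *[!0-9.]*) want="DNS:$2" ;;
        *)         want="IP Address:$2" ;;
    esac
    list_sans "$1" | grep -qxF "$want"
}

# Demo: build a throwaway cert and report which URL hosts it would cover.
tmp=$(mktemp -d) && make_san_cert "$tmp" &&
for n in repo repo.example.com 192.0.2.10 198.51.100.7; do
    if cert_covers "$tmp/repo.crt" "$n"; then echo "$n: covered"
    else echo "$n: NOT covered"; fi
done
```

An empty result from `list_sans` on an existing certificate means the extension section was never applied when the certificate was created.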