Hi,

when using apps/ca.c to sign certificate requests, the contents of the certificate are printed. The contents of the X509v3 extension "Subject Alternative Name" are however not printed, so that the information (which is also part of the signed certificate) is not verified by the issuer before signing.

(I just started experimenting with dNSName usage and don't feel confident enough to already provide a patch myself.)

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
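
A pre-signing check that shows the issuer which Subject Alternative Name entries a request carries, as an added example (not part of the original message and not code from apps/ca.c). The function names, the `example.test` names and the sample CSR are constructed assumptions.

```shell
#!/bin/sh
# Added example: show the subjectAltName entries a CSR requests and flag any
# entry the issuer did not expect, before the request is signed.

# csr_san FILE: print each requested SAN entry of a PEM CSR, one per line.
# Assumes simple entries (DNS:, IP Address:, email:) that contain no commas.
csr_san() {
    openssl req -in "$1" -noout -text 2>/dev/null | awk '
        /X509v3 Subject Alternative Name/ {
            getline
            sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
            n = split($0, entry, /, */)
            for (i = 1; i <= n; i++) print entry[i]
        }'
}

# review_csr FILE ALLOWED...: list every SAN entry with a verdict; return 1
# if any entry is not an exact match for one of the ALLOWED strings, and 2
# if the file cannot be parsed as a CSR at all.
review_csr() {
    csr=$1; shift
    openssl req -in "$csr" -noout 2>/dev/null || return 2
    csr_san "$csr" | (
        rc=0
        while IFS= read -r san; do
            verdict=UNEXPECTED
            for ok in "$@"; do
                if [ "$san" = "$ok" ]; then verdict=ok; fi
            done
            printf '%-10s %s\n' "$verdict" "$san"
            [ "$verdict" = ok ] || rc=1
        done
        exit "$rc"
    )
}

# make_sample_csr FILE: constructed CSR whose SAN list carries one name more
# than the subject CN suggests (needs OpenSSL 1.1.1+ for -addext).
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/CN=www.example.test" \
        -addext "subjectAltName=DNS:www.example.test,DNS:admin.example.test" \
        -out "$1" 2>/dev/null
}

dir=$(mktemp -d)
make_sample_csr "$dir/req.pem"
review_csr "$dir/req.pem" "DNS:www.example.test" || echo "unexpected SAN entry: do not sign"
rm -rf "$dir"
```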