[Fedora-directory-users] Creating a Certificate With Multiple Hostnames
Emmanuel BILLOT
emmanuel.billot at ird.fr
Thu Feb 26 12:42:19 UTC 2009
Emmanuel BILLOT a écrit :
> lambam80 at hotmail.com a écrit :
>> Wildcard certificates may still work.
>>
>> Netscape unfortunately yanked their pages on the subject so my legacy
>> Bookmarks can't help you.
>>
>> I'm not sure if the CMS is able to create them, however, the page I
>> remember related to the Netscape
>> Enterprise (read: Web) server.
>>
>> However, I have found a reference:
>>
>> https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html
>
> Ok found how to check my csr
>
> # openssl req -text -noout -in cert.csr
> Certificate Request:
> Data:
> Version: 0 (0x0)
> Subject: C=FR, L=toutou, O=IRD, OU=DSI, CN=gaia.toutou.fr
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (1024 bit)
> Modulus (1024 bit):
> 00:b6:c2:60:30:e0:52:bc:49:52:72:c7:16:68:b3:
> 66:3f:34:4b:7a:cf:3b:da:58:07:e1:10:ec:14:8b:
> 42:10:89:f1:b7:53:fd:7a:cb:9e:b6:de:bb:61:13:
> 16:11:91:be:49:c1:75:50:22:40:25:a8:ae:bd:3a:
> 7b:75:90:2f:1c:33:57:ca:f0:c8:01:c9:0d:8b:56:
> 80:6e:c1:46:9f:b4:dc:e4:9b:1f:bd:31:be:c9:1d:
> bf:63:d9:05:14:5a:bf:6e:f5:31:64:6c:14:c0:27:
> ae:7e:0f:7c:fa:e0:5c:f5:c2:4a:a2:ef:a9:f2:22:
> f7:7a:27:0a:63:c6:4f:27:75
> Exponent: 65537 (0x10001)
> Attributes:
> Requested Extensions:
> X509v3 Subject Alternative Name:
> DNS:waren.toutou.fr
> Signature Algorithm: sha1WithRSAEncryption
> 6b:9f:cd:9c:06:4b:68:c0:8b:95:93:ca:b6:8d:da:be:64:84:
> 0d:9d:03:8e:50:0b:0f:07:d7:0f:8a:8f:0f:11:d4:09:de:59:
> 32:dd:95:6a:c0:30:0d:a9:d2:71:76:d7:b6:c0:8f:57:03:fb:
> be:0f:e3:62:16:e2:39:1f:9c:15:f0:84:ba:6a:57:f7:a8:9b:
> e4:5a:60:3e:b5:b7:a3:79:ca:11:e0:95:50:fd:ee:56:e2:05:
> df:8d:ac:0e:f5:e3:31:a7:ea:d3:6e:7a:57:e7:67:fd:11:94:
> 58:72:cb:ee:f2:64:89:82:e2:b5:a9:8a:ea:a6:b7:1f:b7:84:
> 2c:60
>
> So it seems that the CA does not recognize the DNS x509_v3 option.
>
> How can i know it ?
Actually, CA does not recognize the DNS x509_v3 option. I had to use the
copy_extensions = copy
option in the openssl.cnf to activate it.
Now i can use multiple hostname certs with FDS.
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
More information about the Fedora-directory-users
mailing list