[Fedora-directory-users] Creating a Certificate With Multiple Hostnames

Emmanuel BILLOT emmanuel.billot at ird.fr
Thu Feb 26 12:42:19 UTC 2009


Emmanuel BILLOT wrote:
> lambam80 at hotmail.com wrote:
>> Wildcard certificates may still work.
>>  
>> Netscape unfortunately yanked their pages on the subject so my legacy 
>> Bookmarks can't help you.
>>  
>> I'm not sure if the CMS is able to create them, however, the page I 
>> remember related to the Netscape
>> Enterprise (read: Web) server.
>>  
>> However, I have found a reference:
>>  
>> https://www.thawte.com/ssl-digital-certificates/wildcardssl/index.html
>
> OK, found how to check my CSR:
>
> # openssl req -text -noout -in cert.csr
> Certificate Request:
>    Data:
>        Version: 0 (0x0)
>        Subject: C=FR, L=toutou, O=IRD, OU=DSI, CN=gaia.toutou.fr
>        Subject Public Key Info:
>            Public Key Algorithm: rsaEncryption
>            RSA Public Key: (1024 bit)
>                Modulus (1024 bit):
>                    00:b6:c2:60:30:e0:52:bc:49:52:72:c7:16:68:b3:
>                    66:3f:34:4b:7a:cf:3b:da:58:07:e1:10:ec:14:8b:
>                    42:10:89:f1:b7:53:fd:7a:cb:9e:b6:de:bb:61:13:
>                    16:11:91:be:49:c1:75:50:22:40:25:a8:ae:bd:3a:
>                    7b:75:90:2f:1c:33:57:ca:f0:c8:01:c9:0d:8b:56:
>                    80:6e:c1:46:9f:b4:dc:e4:9b:1f:bd:31:be:c9:1d:
>                    bf:63:d9:05:14:5a:bf:6e:f5:31:64:6c:14:c0:27:
>                    ae:7e:0f:7c:fa:e0:5c:f5:c2:4a:a2:ef:a9:f2:22:
>                    f7:7a:27:0a:63:c6:4f:27:75
>                Exponent: 65537 (0x10001)
>        Attributes:
>        Requested Extensions:
>            X509v3 Subject Alternative Name:
>                DNS:waren.toutou.fr
>    Signature Algorithm: sha1WithRSAEncryption
>        6b:9f:cd:9c:06:4b:68:c0:8b:95:93:ca:b6:8d:da:be:64:84:
>        0d:9d:03:8e:50:0b:0f:07:d7:0f:8a:8f:0f:11:d4:09:de:59:
>        32:dd:95:6a:c0:30:0d:a9:d2:71:76:d7:b6:c0:8f:57:03:fb:
>        be:0f:e3:62:16:e2:39:1f:9c:15:f0:84:ba:6a:57:f7:a8:9b:
>        e4:5a:60:3e:b5:b7:a3:79:ca:11:e0:95:50:fd:ee:56:e2:05:
>        df:8d:ac:0e:f5:e3:31:a7:ea:d3:6e:7a:57:e7:67:fd:11:94:
>        58:72:cb:ee:f2:64:89:82:e2:b5:a9:8a:ea:a6:b7:1f:b7:84:
>        2c:60
>
> So it seems that the CA does not recognize the DNS x509_v3 option.
>
> How can I know it?
Actually, the CA does not recognize the DNS x509_v3 option. I had to use the

copy_extensions = copy

option in the openssl.cnf to activate it.
Now I can use multiple-hostname certs with FDS.

-- 
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
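
What `copy_extensions = copy` changes when signing with `openssl ca`, as an added example that is not part of the original message: a throwaway CA built in a temp directory signs the same kind of CSR with the option set to `none` and then to `copy`. All hostnames, file names and section names are constructed, and the `openssl` CLI is assumed to be installed; the CSR also asks for `basicConstraints = CA:TRUE` to show that `copy` does not replace an extension the CA section already sets.

```shell
#!/bin/sh
# Added example: throwaway CA in a temp dir; every name below is constructed.
# sign_with MODE: issue a cert with copy_extensions = MODE, print its text dump.
sign_with() {
    d=$(mktemp -d) || return 1
    mkdir "$d/newcerts" && : > "$d/index.txt" && echo 01 > "$d/serial"
    cat > "$d/ca.cnf" <<EOF
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $d/index.txt
new_certs_dir = $d/newcerts
serial = $d/serial
certificate = $d/ca.crt
private_key = $d/ca.key
default_md = sha256
default_days = 30
policy = policy_any
x509_extensions = leaf_ext
copy_extensions = $1
[ policy_any ]
commonName = supplied
[ leaf_ext ]
# Set by the CA: with "copy" a request cannot replace it ("copyall" could).
basicConstraints = critical, CA:FALSE
[ req ]
distinguished_name = dn
req_extensions = san_req
prompt = no
[ dn ]
CN = gaia.example.test
[ san_req ]
subjectAltName = DNS:gaia.example.test, DNS:waren.example.test
basicConstraints = CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Demo CA" \
        -config "$d/ca.cnf" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl ca -batch -notext -config "$d/ca.cnf" -in "$d/leaf.csr" \
        -out "$d/leaf.crt" 2>/dev/null &&
    openssl x509 -in "$d/leaf.crt" -noout -text
    rc=$?; rm -rf "$d"; return $rc
}
for mode in none copy; do
    echo "== copy_extensions = $mode =="
    sign_with "$mode" | grep -A1 -E 'Subject Alternative Name|Basic Constraints'
done
```

With `copy`, any extension the CA section does not set itself is taken from the request as submitted, so the CSR should be inspected with `openssl req -text -noout` before it is signed.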



