openssl certificates

Craig White craigwhite at azapple.com
Tue Mar 29 14:21:14 UTC 2005


On Mon, 2005-03-28 at 09:05 -0600, Aleksandar Milivojevic wrote:
> Craig White wrote:
> > perhaps this is a tinyCA problem...
> > 
> > I have the following line in openssl.conf
> > 
> > subjectAltName = email:copy, DNS:srv1.tobyhouse.com,
> > DNS:www.tobyhouse.com, DNS:ldap.tobyhouse.com, DNS:mail.tobyhouse.com,
> > DNS:webmail.tobyhouse.com
> > 
> > isn't this the proper style for this information?
> 
> Looks good to me.  But why do you want to have email bit in something 
> that obviously looks like server certificate???  I'd get rid of 
> "email:copy" part.  It serves no purpose in server certificates.
----
yeah - you're right - I was VERY frustrated with trying to get the
altNames into certificates but what I didn't say was that this was with
tinyCA application which has its own way of dealing with them - it
wouldn't take this string in any form.

The author of tinyCA responded to me with...
---
No, that's no bug, but a functionality, which TinyCA doesn't understand.

You can use "Ask User" and type "raw" for the subjectAltName, then you
can enter the mentioned string during certificate creation.
---
Which explained to me what I needed to do.

Now I am struggling with generating certificates that old Macintosh OS 9
clients can accept. I am trying to reduce some of the haphazard methods
that I use (and don't fully understand) of creating certificates from
the command line by using this program (tinyCA) and it has been a slow
painful learning curve.

Craig
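
A way to confirm that the alternative names discussed in this thread actually end up in a certificate, as an added example that is not part of the original message or of TinyCA. It assumes the `openssl` command-line tool is on the PATH; the function names, the section names and the throwaway self-signed certificate are illustrative, and `email:copy` is left out as the reply suggests.

```shell
#!/usr/bin/env bash
# Added example: put the thread's subjectAltName line into a minimal config,
# issue a one-day self-signed test certificate, and list the DNS names that
# are really present in it. Function and section names are hypothetical.

make_cert() {  # $1 = directory that receives openssl.cnf, key.pem, cert.pem
    cat > "$1/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions    = v3_server
prompt             = no

[ req_dn ]
CN = srv1.tobyhouse.com

[ v3_server ]
subjectAltName = DNS:srv1.tobyhouse.com, DNS:www.tobyhouse.com, DNS:ldap.tobyhouse.com, DNS:mail.tobyhouse.com, DNS:webmail.tobyhouse.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$1/openssl.cnf" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

san_dns_names() {  # $1 = PEM certificate; prints one DNS name per line
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Stand-alone run: build the test certificate and show what it contains.
workdir=$(mktemp -d)
make_cert "$workdir" && san_dns_names "$workdir/cert.pem"
```

Running `san_dns_names` against a certificate produced by any other tool shows whether its alternative names were written as intended.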



