Re: openssl certificates

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2005-03-28 at 09:05 -0600, Aleksandar Milivojevic wrote:
> Craig White wrote:
> > perhaps this is a tinyCA problem...
> > 
> > I have the following line in openssl.conf
> > 
> > subjectAltName = email:copy, DNS:srv1.tobyhouse.com,
> > DNS:www.tobyhouse.com, DNS:ldap.tobyhouse.com, DNS:mail.tobyhouse.com,
> > DNS:webmail.tobyhouse.com
> > 
> > isn't this the proper style for this information?
> 
> Looks good to me.  But why do you want to have email bit in something 
> that obviously looks like server certificate???  I'd get rid of 
> "email:copy" part.  It serves no purpuse in server certificates.
----
yeah - you're right - I was VERY frustrated with trying to get the
altNames into certificates but what I didn't say was that this was with
tinyCA application which has it's own way of dealing with them - it
wouldn't take this string in any form.

The author of tinyCA responded to me with...
---
No, that's no bug, but a functionality,which TinyCA doesn't understand.

You can use "Ask User" and type "raw" for the subjectAltName, then you
can enter the mentioned string during certificate creation.
---
Which explained to me what I needed to do.

Now I am struggling with generating certificates that old Macintosh OS 9
clients can accept. I am trying to reduce some of the haphazard methods
that I use (and don't fully understand) of creating certificates from
the command line by using this program (tinyCA) and it has been a slow
painful learning curve.

Craig


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux