On Mon, 2005-03-28 at 09:05 -0600, Aleksandar Milivojevic wrote:
> Craig White wrote:
> > perhaps this is a tinyCA problem...
> >
> > I have the following line in openssl.conf
> >
> > subjectAltName = email:copy, DNS:srv1.tobyhouse.com,
> > DNS:www.tobyhouse.com, DNS:ldap.tobyhouse.com, DNS:mail.tobyhouse.com,
> > DNS:webmail.tobyhouse.com
> >
> > isn't this the proper style for this information?
>
> Looks good to me.  But why do you want to have email bit in something
> that obviously looks like server certificate???  I'd get rid of
> "email:copy" part.  It serves no purpose in server certificates.
----
yeah - you're right - I was VERY frustrated with trying to get the
altNames into certificates but what I didn't say was that this was with
tinyCA application which has its own way of dealing with them - it
wouldn't take this string in any form.

The author of tinyCA responded to me with...

---
No, that's no bug, but a functionality, which TinyCA doesn't understand.
You can use "Ask User" and type "raw" for the subjectAltName, then you
can enter the mentioned string during certificate creation.
---

Which explained to me what I needed to do. Now I am struggling with
generating certificates that old Macintosh OS 9 clients can accept.

I am trying to reduce some of the haphazard methods that I use (and
don't fully understand) of creating certificates from the command line
by using this program (tinyCA) and it has been a slow painful learning
curve.

Craig
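One way to confirm from the command line that the DNS entries discussed in this thread actually end up in a certificate, as an added example that is not part of the original messages. The file names, the `v3_server` section name, the helper function names, the CN and the one-day self-signed test certificate are assumptions for illustration; `email:copy` is left out, as the reply suggests for a server certificate.

```shell
#!/bin/sh
# Added example: put the thread's subjectAltName line into a throwaway
# self-signed certificate and read the SAN entries back out of it.
set -eu

make_san_cert() {
    # $1 = scratch directory; writes san.cnf, key.pem and cert.pem there.
    cat > "$1/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_server
prompt             = no

[ dn ]
CN = srv1.tobyhouse.com

[ v3_server ]
subjectAltName = DNS:srv1.tobyhouse.com, DNS:www.tobyhouse.com, DNS:ldap.tobyhouse.com, DNS:mail.tobyhouse.com, DNS:webmail.tobyhouse.com
EOF
    # Self-signed, unencrypted test key, valid for one day only.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$1/san.cnf" -keyout "$1/key.pem" -out "$1/cert.pem"
}

list_san_dns() {
    # $1 = certificate file; prints one DNS SAN entry per line.
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

cert_covers_host() {
    # $1 = certificate file, $2 = host name; succeeds on an exact SAN match.
    list_san_dns "$1" | grep -qxF "$2"
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

make_san_cert "$workdir"
list_san_dns "$workdir/cert.pem"

# Report every name the clients are expected to connect to.
for host in srv1 www ldap mail webmail; do
    cert_covers_host "$workdir/cert.pem" "$host.tobyhouse.com" \
        && echo "ok:      $host.tobyhouse.com" \
        || echo "MISSING: $host.tobyhouse.com"
done
```

The same `list_san_dns` check can be pointed at a certificate exported from tinyCA to see whether the "raw" subjectAltName string was applied.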