Re: [Exim] More than one X509 Server Cert with different CN…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Uwe Guenther
Datum:  
To: exim-users
Betreff: Re: [Exim] More than one X509 Server Cert with different CNs
This is a cryptographically signed message in MIME format.
--
Tony Earnshaw wrote:
>
> subjectAltName gives you the opportunity of using more than one subject
> CN (common name) in a host certificate.


Well this works fine. I use with my own openssl CA

    # while request
    commmonName = mx.cscc.de


and
    # while signing the request
    subjectAltName = DNS:smtp.cscc.de


> If you're using Openssl to generate self-signed certificates:


No I use my own Root CA with intermediate Server and User CA to
sign Server certs and User(email, codesigning, authorized clients)
certs.

> a: Internet search on "subjectAltName" and PKIX
> b: 'less openssl.cnf', look for "subjectAltName"
> c: 'man x509', 'man ca', look for "subject"


The last two will not cover the whole picture... ;-) but a.) :-)

> If you're using a commercial CA, you could experience difficulty in
> getting the issuer to implement subjectAltName; moreover it's possible
> that old client versions might not understand it.


Mozilla 1.6 works fine with subjectAltName

--
Best regards Uwe
--
Content-Description: S/MIME Cryptographic Signature

[ smime.p7s of type application/x-pkcs7-signature deleted ]
--