A certificate can have multiple common names; many applications support this. You need to be comfortable using the openssl configuration file syntax; here is a short snippet of one showing multiple common names:
. . . [ req ] default_bits = 1024 default_keyfile = server_priv.pem default_md = sha1 distinguished_name = req_distinguished_name prompt = yes string_mask = nombstr [ req_distinguished_name ] 1.CN = CN #1 1.CN_default = 127.0.0.1 2.CN = CN #2 2.CN_default = localhost L = locality, i.e. city L_default = Columbia ST = State ST_default = Maryland C = Country code, 2 letters C_default = US the recommended method is to use the subject Alternative name extension, in which case multiple names can be specified like the following (cribbed from Dr. Henson's response to an earlier post): ... DNS.1 = a.xxx.com DNS.2 = a.yyy.com DNS.3 = a.zzz.com or the single line version: subjectAltName= DNS:a.xxx.com, DNS:b.xxx.com, DNS:c.xxx.com ====================== Greg Stark [EMAIL PROTECTED] ====================== ----- Original Message ----- From: "Lutz Jaenicke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 05, 2001 5:11 PM Subject: Re: your mail > On Wed, Dec 05, 2001 at 02:47:39PM -0500, Jason Hendriks wrote: > > I needed an SSL certificate for my POP3-SSL server (ipopd), so I created a self-signed certificate using the CA.pl tool and openssl. It works fine, but my question is since there are two domains for this machine's IP, how can I create a certificate for more than one common name? Do I have to create two certificates and configure the daemon to look at both? Or do I combine two certificates into one somehow? > > It is not possible to have two domains on one IP, as there is only one > CommonName entry available in a certificate. > In the future it may be possible to have more than one entry by using > the dNSName feature of SubjectAlternateName, but as far as I know, > this is not widely supported by client software (read this last statement: > I don't know of any client software supporting it). > > Best regards, > Lutz > -- > Lutz Jaenicke [EMAIL PROTECTED] > BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ > Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 > Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
