On Tue, Sep 18, 2007 at 01:46:42PM -0500, Murphy, David F wrote:

> Exchange 2007 certificates and the autodiscovery functions:
>
> According to this Microsoft article:
> http://msexchangeteam.com/archive/2007/07/02/445698.aspx a
> certificate with Subject Alternative Names (SAN) is the recommended
> method to purpose the use of the 'autodiscovery feature'.
>
> For example, I need to add the following three DNS names using the SAN
> extensions:
>
> exchangemail.mysite.com
> mysite.com
> autodiscover.mysite.com
>
> Has anyone out there done this already? If so, would you please share
> the openssl.cnf that you used and the commands you executed to utilize
> the configuration file?

Config file:

    [ req ]
    default_bits = 1024
    default_md = sha1
    default_keyfile = key.pem
    distinguished_name = req_distinguished_name
    prompt = no
    string_mask = nombstr
    req_extensions = v3_req

    [ req_distinguished_name ]
    countryName = US
    stateOrProvinceName = New York
    localityName = New York
    organizationName = Acme Inc
    organizationalUnitName = IT insecurity
    commonName = www.example.com
    emailAddress = [EMAIL PROTECTED]

    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    # Verisign managed PKI, does not yet support subjectAltName in CSRs, instead
    # they prompt for these in the enrollment form...
    # If your CA support SAN CSRs, uncomment below.
    # subjectAltName = @alt_names

    [ alt_names ]
    DNS.1 = www.example.com
    DNS.2 = 0wn3d.example.com

Generate the CSR:

    (umask 077; openssl genrsa -out key.pem 1024)
    openssl req -config conf.cnf -new -key key.pem -out req.pem

-- 
    Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
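
Added example, not part of the reply above: the same procedure with the subjectAltName line enabled for the three names from the question, followed by a check that the names really ended up in the request. The function names, the 2048-bit key and the sha256 digest are choices made for this sketch, and it assumes the CA accepts SANs carried in the CSR.

```shell
#!/bin/sh
# Added example. DNS names are the three from the question; the 2048-bit key,
# sha256 digest and function names are choices made for this sketch.

make_san_csr() {    # $1 = work dir, then DNS names (the first becomes the CN)
    dir=$1; shift
    cat > "$dir/conf.cnf" <<EOF
[ req ]
default_md = sha256
distinguished_name = req_distinguished_name
prompt = no
req_extensions = v3_req
[ req_distinguished_name ]
commonName = $1
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
EOF
    i=1
    for name in "$@"; do            # one DNS.n line per requested name
        echo "DNS.$i = $name" >> "$dir/conf.cnf"
        i=$((i + 1))
    done
    (umask 077; openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null) || return 1
    openssl req -config "$dir/conf.cnf" -new -key "$dir/key.pem" -out "$dir/req.pem"
}

csr_dns_names() {   # print the DNS SAN entries of CSR $1, one per line
    openssl req -in "$1" -noout -text |
        grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://' | sort
}

check_csr_names() { # $1 = CSR, then names that must all be present
    csr=$1; shift
    found=$(csr_dns_names "$csr")
    for name in "$@"; do
        printf '%s\n' "$found" | grep -qxF "$name" ||
            { echo "missing from CSR: $name" >&2; return 1; }
    done
}

work=$(mktemp -d)
make_san_csr "$work" exchangemail.mysite.com mysite.com autodiscover.mysite.com
check_csr_names "$work/req.pem" exchangemail.mysite.com mysite.com \
    autodiscover.mysite.com && echo "all three names are in the request"
rm -rf "$work"
```

Where the CA takes the names from an enrollment form instead of the CSR, as the reply describes, run the same kind of check against the issued certificate with `openssl x509 -noout -text`.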