I can't allow our "production" users to get "invalid certificate" errors, nor do I want to affect my clients with redirection requests. I am also helping our Exchange 2007 folks with the autodiscovery function, and the MS docs recommend a SAN-certificate for these very reasons. In my test environment, I am trying to prove this out using a test website, and the self-signed certificate warning is expected; however, considering the message below, the "invalid site" message is what I thought the use of a SAN-cert would eliminate:

[ ! The security certificate was issued by a company you have not chosen to trust. View the certificate...
  ! The name on the security certificate is invalid or does not match the name of the site ]

Once I purchase a trusted certificate, I was assuming both of these warnings would be removed; I thought a SAN-certificate would allow me to connect to the website using alternative names without getting the "invalid or does not match" warning.

Thanks,
David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Tuesday, September 18, 2007 6:54 PM
To: openssl-users@openssl.org
Subject: RE: Configuration file for subjectAltName

> Below are my cnf file and the commands I tried. The key and the
> crt were both created, however when I render the test website
> using blah002.mysite.com I get a security warning message anyway.
> I must have done something wrong or left off a step ...

It's not clear what you are trying to do. That you get a security warning with a browser doesn't indicate anything wrong with your key or certificate, it just indicates that the browser doesn't trust your certificate to establish your identity. Is there any reason it should? If not, then this is correct behavior.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
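
The two browser warnings quoted in this thread are independent checks: issuer trust and host name match. As an added example (not code from the original messages or from the OpenSSL project), the script below builds a self-signed test certificate with a subjectAltName extension and then checks which names it actually covers. `blah002.mysite.com` is from the thread; `blah001.mysite.com`, the file names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a self-signed test certificate carrying a
# subjectAltName extension, then verify which host names it covers.
# blah002.mysite.com is from the thread; other names are constructed.

make_san_cert() {   # usage: make_san_cert <output-dir>
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[ dn ]
CN = blah001.mysite.com

[ v3_san ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = blah001.mysite.com
DNS.2 = blah002.mysite.com
EOF
    # x509_extensions in [ req ] is what places the SAN in the certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/san.cnf" \
        -keyout "$dir/test.key" -out "$dir/test.crt" 2>/dev/null
}

# Print the SAN entries actually present in the certificate (no spaces).
san_names() {       # usage: san_names <cert>
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Succeed only if the certificate is valid for the given host name.
host_matches() {    # usage: host_matches <cert> <hostname>
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}
```

If `san_names` prints nothing, the extension never made it into the certificate and the name-mismatch warning will appear for every name other than the CN. A certificate that passes `host_matches` but is self-signed still produces the separate "not chosen to trust" warning until it is issued by a CA the browser trusts.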