I ran the following command,

openssl x509 -text -in certname.crt

but I do not see any of the subjectAltNames from my config file. Is this the correct command to see the names in the cert?

I am not getting an error, per se, but a common IE warning message about "invalid or does not match" when I try and connect to my test website using an IE browser as a client. This works as expected when my URL is blah.mysite.com, however when I try using the alt_name blah002.mysite.com, I get the "invalid or does not match" warning.

This is a self-signed cert so I fully expect to get the 'certificate not trusted' message; I was attempting to not have the "invalid or does not match" warning message.

<><><>
commonName = blah.mysite.com
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = blah.mysite.com
DNS.2 = blah002.mysite.com
<><><>

Thanks,
David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Schwartz
Sent: Wednesday, September 19, 2007 10:04 AM
To: openssl-users@openssl.org
Subject: RE: Configuration file for subjectAltName

> Once I purchase a trusted certificate, I was assuming both of these
> warnings would be removed; I thought a SAN-certificate would allow me to
> connect to the website using alternative names without getting the
> "invalid or does not match" warning.
>
> Thanks,
>
> David

What error are you getting now? Is it specific about whether the problem is that the certificate is invalid or that it does not match or what?

The certificate only proves the identity of the server if the client is using a name that is contained in the certificate, and the client software uses the same stored in that place.

What is the client software? What name is it using to access the server? And what are the contents of the name fields in the certificate? Is the certificate signed by an authority the clients are configured to trust? If there are any needed intermediate certificates, is the server sending them to the clients?

If you're sure it's supposed to work, and it's not, you need to troubleshoot.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
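
An added example, not part of the thread and not OpenSSL project code: it checks "the contents of the name fields in the certificate" for two throwaway self-signed certs built from the names quoted above, one whose config names the subjectAltName section via x509_extensions and one that leaves the section unreferenced. The section name v3_san and the file names are assumptions; whether this is the cause in the poster's setup is not stated in the thread.

```shell
#!/bin/sh
# Added example. The section name v3_san and all file names are assumptions;
# the commonName and DNS entries are the ones quoted in the thread.

# write_cfg FILE MODE: "linked" names the extension section from [ req ];
# "unlinked" leaves the same section in the file but never references it.
write_cfg() {
    link=""
    if [ "$2" = "linked" ]; then link="x509_extensions = v3_san"; fi
    cat > "$1" <<EOF
[ req ]
distinguished_name = dn
prompt = no
$link

[ dn ]
commonName = blah.mysite.com

[ v3_san ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = blah.mysite.com
DNS.2 = blah002.mysite.com
EOF
}

# make_cert DIR MODE: create a throwaway self-signed cert, print its path.
make_cert() {
    write_cfg "$1/$2.cnf" "$2"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
    echo "$1/$2.crt"
}

# list_sans CERT: print each DNS name in the subjectAltName extension.
list_sans() {
    openssl x509 -noout -text -in "$1" |
        sed -n '/Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

tmp=$(mktemp -d)
for mode in unlinked linked; do
    echo "== $mode: SAN entries in the issued certificate =="
    list_sans "$(make_cert "$tmp" "$mode")"
done
rm -rf "$tmp"
```

An empty list for a certificate means a client connecting as blah002.mysite.com has only the commonName to compare against.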