Hi Rodney,

Thanks for the reply.

What I have is a cert request from a 2003 server with the following as
an example:

Subject Name (SN): servername.domainname.com.au
Subject Alternative Name (SAN): AlternateServername.domainname.com.au

I am far from an expert on certificates, but I know these can be
signed from a Windows 2003 CA or say Verisign with the following
options:

Server Authentication
Client Authentication
Subject Name (as above)
Subject Alternative Name (as above)

So I have certificates like these signed from the above mentioned
CAs, but I am looking to sign these requests myself with the same
parameters using something like OpenSSL.

The initial cert requests are done with utilities that come with
Microsoft products. One Microsoft product that I am using at the
moment is the Certificate Wizard that comes with OCS 2007 that allows
you to choose the SN and SAN, or even multiple SANs.

Like I mentioned, I am not an expert on SSL certs, so I am looking to
get pointers in the right direction on where to investigate/read so I
can get my head around how this could be achieved.

I will investigate more of what you have mentioned below, but if you
have more feedback then that is welcomed.

Thank you.

Phil.


On Nov 10, 2007 3:08 AM, Rodney Thayer <[EMAIL PROTECTED]> wrote:
> Are you saying you have a Microsoft Windows 2003 Server system
> that has already created a certificate request (PKCS-10 formatted
> data file) with multiple subjectaltnames, and you would like
> an OpenSSL-based CA to sign it and grant it "server authentication"
> and "client authentication" key usage?
>
> You wouldn't happen to have a reference as to how you cooked
> this certificate request, would you?
>
> w.r.t. server-auth and client-auth, it's something the CA
> grants, I believe.  I think that if you look around for
> list posts discussing manipulating the inside of openssl.cnf
> to provide such a thing that may help.  I believe that goes
> in the "ca policy" section.
>
> I don't recall pkcs-10 being capable of supporting a certificate
> request that's got subjectaltnames - that'd be interesting
> to share if you know how to do that...
>
>
> Phil wrote:
> > Hi there,
> >
> > Up to now I have only ever done certs for web servers which are quite
> > straightforward.
> >
> > I now have the requirement to fulfill requests with the following:
> >
> > multiple subject alternative names
> > server authentication
> > client authentication
> >
> > If anyone can pass on info or point me in the right direction of other
> > posts, that would be great. I need to know how to take a request from
> > a Windows server and sign it correctly with all these options.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
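
The signing step asked about in this thread, as an added example that is not part of the original messages: an OpenSSL-based CA grants the SANs and the server/client authentication EKU through an extensions file passed to `openssl x509 -req`. The throwaway CA, the stand-in request and all file names are constructed for the demo; the two host names are the ones given in the message above.

```shell
#!/bin/sh
# Added example: sign a CSR with a demo OpenSSL CA, granting multiple SANs
# and serverAuth/clientAuth EKU. CA, keys and file names are constructed.
set -eu

# Write the extensions the CA will grant: $1 = output path, rest = DNS names.
write_extfile() {
    out=$1; shift
    san=""
    for name in "$@"; do san="${san:+$san,}DNS:$name"; done
    cat > "$out" <<EOF
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = $san
EOF
}

# Sign CSR $1 with CA cert $2 and CA key $3, extensions from $4, cert to $5.
sign_csr() {
    openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
        -days 365 -sha256 -extfile "$4" -out "$5" 2>/dev/null
}

# Constructed demo: throwaway CA plus a stand-in for the Windows-made request.
demo() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=servername.domainname.com.au" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null
    write_extfile "$dir/ext.cnf" servername.domainname.com.au \
        AlternateServername.domainname.com.au
    sign_csr "$dir/srv.csr" "$dir/ca.pem" "$dir/ca.key" "$dir/ext.cnf" "$dir/srv.pem"
    openssl x509 -in "$dir/srv.pem" -noout -text
}

WORK=$(mktemp -d)
demo "$WORK" > "$WORK/srv.txt"
# Show what the issued certificate actually carries.
grep -A1 -E 'Subject Alternative Name|Extended Key Usage' "$WORK/srv.txt"
```

`openssl x509 -req` does not copy extensions out of the request by default, so the names and usages in the issued certificate are exactly the ones the CA operator writes into the extensions file; review that file against the request before signing.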