So what i should do to avoid warnings? CN (some-iLO-2-Subsystem-Name) is included in certificate request, witch is automatically generated by device. I can't upload other certificate (with other CN) because i got alert that certificate doesn't match the request. Is possible to access device via IP without warnings?
michu162 wrote: > > I generated the ssl request, I signed it in my CA (openssl) and uploaded > signed certificate back to device. > I generated also ca.der and uploaded it to my Internet browser. When I > trying open ilo my browser give a warning about a mismatched hostname. > > I'm accessing this device via IP address. > I don't want add this addresses to my DNS. > > In certificate request was: > CN = some-iLO-2-Subsystem-Name > OU = ISS > O = Hewlett-Packard Development Company > ST = Texas > C = US > > In my CA certificate, witch I used to sign the request I've got: > CN = in...@mycompany.com > C = US > ST = MyState > L = myCity > E = in...@mycompany.com > OU = Infrastructure > O = MyCompany SP zoo > > What should I do to connect to ilo without any warnings? > > To create my own CA i used: > openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out > cacert.pem -days 3650 -config ./openssl.cnf > > To sign my certificate request i used: > openssl ca -notext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem > > My OpenSSL configuration file: > # > > # Establish working directory. > > dir = /etc/ssl > > [ ca ] > default_ca = CA_default > > [ CA_default ] > serial = $dir/serial > database = $dir/index.txt > new_certs_dir = $dir/certs > certificate = $dir/cacert.pem > private_key = $dir/private/cakey.pem > default_days = 3650 > default_md = md5 > preserve = no > email_in_dn = no > nameopt = default_ca > certopt = default_ca > policy = policy_match > > [ policy_match ] > countryName = optional > stateOrProvinceName = optional > organizationName = optional > organizationalUnitName = optional > commonName = supplied > emailAddress = optional > > [ req ] > default_bits = 1024 # Size of keys > default_keyfile = key.pem # name of generated keys > default_md = md5 # message digest algorithm > string_mask = nombstr # permitted characters > distinguished_name = req_distinguished_name > req_extensions = v3_req > > [ req_distinguished_name ] > # Variable name Prompt string > #------------------------- ---------------------------------- > 0.organizationName = Organization Name (company) > organizationalUnitName = Organizational Unit Name (department, > division) > emailAddress = Email Address > emailAddress_max = 40 > localityName = Locality Name (city, district) > stateOrProvinceName = State or Province Name (full name) > countryName = Country Name (2 letter code) > countryName_min = 2 > countryName_max = 2 > commonName = Common Name (hostname, IP, or your name) > commonName_max = 64 > > # Default values for the above, for consistency and less typing. > # Variable name Value > #------------------------ ------------------------------ > 0.organizationName_default = My Company > localityName_default = My Town > stateOrProvinceName_default = State or Providence > countryName_default = US > > [ v3_ca ] > basicConstraints = CA:TRUE > subjectKeyIdentifier = hash > authorityKeyIdentifier = keyid:always,issuer:always > > [ v3_req ] > basicConstraints = CA:FALSE > subjectKeyIdentifier = hash > > Can anyone help me? > > -- View this message in context: http://old.nabble.com/Why-does-my-browser-give-a-warning-about-a-mismatched-hostname-tp29237337p29255142.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
