How can I add both IP address and DNS name? In my ip.ext file I have:

subjectAltName=IP:10.6.73.72
subjectAltName=DNS:server.infr

I signed the request with:

openssl ca -notext -extfile ip.ext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem

I received a certificate with only the additional DNS name.
What should I do to have both DNS and IP?

michu162 wrote:
>
> I've solved this problem.
> I created file ip.ext with:
>
> subjectAltName=IP:10.5.19.191
>
> To sign certificate I used:
>
> openssl ca -notext -extfile ip.ext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem
>
> Everything works well!
> Thanks
>
> Jakob Bohm-7 wrote:
>>
>> Depending on the CA you use, you may be able to issue a certificate with
>> CN=some-ILO-name,OU=...
>>
>> AND
>>
>> SubjectAlternativeName: IP:1.2.3.4
>>
>> If the ILO configuration accepts that cert, then there is a good chance
>> your browser would accept the cert for both "https://some-ILO-name/" and
>> "https://1.2.3.4/"
>>
>> On 24-07-2010 16:19, michu162 wrote:
>>>
>>> So what should I do to avoid warnings?
>>> CN (some-iLO-2-Subsystem-Name) is included in the certificate request, which is
>>> automatically generated by the device. I can't upload another certificate (with
>>> another CN) because I got an alert that the certificate doesn't match the request.
>>> Is it possible to access the device via IP without warnings?
>>>
>>> michu162 wrote:
>>>>
>>>> I generated the SSL request, I signed it in my CA (openssl) and uploaded
>>>> the signed certificate back to the device.
>>>> I also generated ca.der and uploaded it to my Internet browser. When I
>>>> try to open iLO, my browser gives a warning about a mismatched hostname.
>>>>
>>>> I'm accessing this device via IP address.
>>>> I don't want to add these addresses to my DNS.
>>>>
>>>> In certificate request was:
>>>> CN = some-iLO-2-Subsystem-Name
>>>> OU = ISS
>>>> O = Hewlett-Packard Development Company
>>>> ST = Texas
>>>> C = US
>>>>
>>>> In my CA certificate, which I used to sign the request, I've got:
>>>> CN = in...@mycompany.com
>>>> C = US
>>>> ST = MyState
>>>> L = myCity
>>>> E = in...@mycompany.com
>>>> OU = Infrastructure
>>>> O = MyCompany SP zoo
>>>>
>>>> What should I do to connect to iLO without any warnings?
>>>>
>>>> To create my own CA I used:
>>>> openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
>>>>
>>>> To sign my certificate request I used:
>>>> openssl ca -notext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem
>>>>
>>>> My OpenSSL configuration file:
>>>> #
>>>>
>>>> # Establish working directory.
>>>>
>>>> dir = /etc/ssl
>>>>
>>>> [ ca ]
>>>> default_ca = CA_default
>>>>
>>>> [ CA_default ]
>>>> serial = $dir/serial
>>>> database = $dir/index.txt
>>>> new_certs_dir = $dir/certs
>>>> certificate = $dir/cacert.pem
>>>> private_key = $dir/private/cakey.pem
>>>> default_days = 3650
>>>> default_md = md5
>>>> preserve = no
>>>> email_in_dn = no
>>>> nameopt = default_ca
>>>> certopt = default_ca
>>>> policy = policy_match
>>>>
>>>> [ policy_match ]
>>>> countryName = optional
>>>> stateOrProvinceName = optional
>>>> organizationName = optional
>>>> organizationalUnitName = optional
>>>> commonName = supplied
>>>> emailAddress = optional
>>>>
>>>> [ req ]
>>>> default_bits = 1024 # Size of keys
>>>> default_keyfile = key.pem # name of generated keys
>>>> default_md = md5 # message digest algorithm
>>>> string_mask = nombstr # permitted characters
>>>> distinguished_name = req_distinguished_name
>>>> req_extensions = v3_req
>>>>
>>>> [ req_distinguished_name ]
>>>> # Variable name                Prompt string
>>>> #-------------------------     ----------------------------------
>>>> 0.organizationName = Organization Name (company)
>>>> organizationalUnitName = Organizational Unit Name (department, division)
>>>> emailAddress = Email Address
>>>> emailAddress_max = 40
>>>> localityName = Locality Name (city, district)
>>>> stateOrProvinceName = State or Province Name (full name)
>>>> countryName = Country Name (2 letter code)
>>>> countryName_min = 2
>>>> countryName_max = 2
>>>> commonName = Common Name (hostname, IP, or your name)
>>>> commonName_max = 64
>>>>
>>>> # Default values for the above, for consistency and less typing.
>>>> # Variable name                Value
>>>> #------------------------      ------------------------------
>>>> 0.organizationName_default = My Company
>>>> localityName_default = My Town
>>>> stateOrProvinceName_default = State or Providence
>>>> countryName_default = US
>>>>
>>>> [ v3_ca ]
>>>> basicConstraints = CA:TRUE
>>>> subjectKeyIdentifier = hash
>>>> authorityKeyIdentifier = keyid:always,issuer:always
>>>>
>>>> [ v3_req ]
>>>> basicConstraints = CA:FALSE
>>>> subjectKeyIdentifier = hash
>>>>
>>>> Can anyone help me?
>>>>
>>>
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
>

--
View this message in context: http://old.nabble.com/Why-does-my-browser-give-a-warning-about-a-mismatched-hostname-tp29237337p29317155.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
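
Added example (not part of the thread): OpenSSL's config parser keeps only the last assignment to a key within a section, so two subjectAltName= lines in ip.ext leave only the second one. The script below signs a request with the two-line file from the question and with two forms that put both names under a single assignment. It uses a throwaway CA and "openssl x509 -req" in place of the thread's "openssl ca" setup; san_for_extfile, "Demo CA" and the temporary paths are made up for the demonstration.

```shell
#!/bin/sh
# Added example: which subjectAltName entries end up in the certificate
# for a given extension file. CA, keys and paths are throwaway demo values.

# san_for_extfile CONTENTS -> prints the SAN line of a cert signed with that extfile.
# Steps: throwaway CA (stands in for cacert.pem/cakey.pem), device request
# (stands in for the iLO-generated req.txt), signing with -extfile, SAN dump.
san_for_extfile() {
    work=$(mktemp -d) || return 1
    printf '%s\n' "$1" > "$work/ip.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Demo CA" -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=some-iLO-name" -keyout "$work/dev.key" -out "$work/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$work/req.pem" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
        -set_serial 1 -days 1 -sha256 -extfile "$work/ip.ext" \
        -out "$work/cert.pem" 2>/dev/null &&
    openssl x509 -in "$work/cert.pem" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//; s/ *$//'
    rc=$?
    rm -rf "$work"
    return $rc
}

# 1) The file from the question: the second assignment replaces the first.
two_lines='subjectAltName=IP:10.6.73.72
subjectAltName=DNS:server.infr'

# 2) One assignment with comma-separated entries.
one_line='subjectAltName=IP:10.6.73.72,DNS:server.infr'

# 3) One assignment that points at a section listing the entries.
by_section='subjectAltName=@alt_names
[alt_names]
IP.1=10.6.73.72
DNS.1=server.infr'

echo "two lines: $(san_for_extfile "$two_lines")"
echo "one line:  $(san_for_extfile "$one_line")"
echo "section:   $(san_for_extfile "$by_section")"
```

Checking the issued certificate with "openssl x509 -noout -text" before uploading it to the device confirms that every name clients will use is present.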