Solution:
subjectAltName=IP:10.6.73.72,DNS:server.infr

michu162 wrote:
> 
> How can I add both IP address and DNS name?
> In my ip.ext file I have:
> 
> subjectAltName=IP:10.6.73.72
> subjectAltName=DNS:server.infr
> 
> I signed the request with
> openssl ca -notext -extfile ip.ext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem
> I received a certificate with only the additional DNS name
> 
> What should I do to have both DNS and IP?
> 
> michu162 wrote:
>> 
>> I've solved this problem.
>> I created file ip.ext with:
>> 
>> subjectAltName=IP:10.5.19.191
>> 
>> To sign the certificate I used:
>> 
>> openssl ca -notext -extfile ip.ext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem
>> 
>> Everything works well! 
>> Thanks
>> 
>> Jakob Bohm-7 wrote:
>>> 
>>> Depending on the CA you use, you may be able to issue a certificate with
>>> CN=some-ILO-name,OU=...
>>> 
>>> AND
>>> 
>>> SubjectAlternativeName: IP:1.2.3.4
>>> 
>>> If the ILO configuration accepts that cert, then there is a good chance
>>> your browser would accept the cert for both "https://some-ILO-name/" and
>>> "https://1.2.3.4/"
>>> 
>>> On 24-07-2010 16:19, michu162 wrote:
>>>>
>>>> So what should I do to avoid warnings?
>>>> CN (some-iLO-2-Subsystem-Name) is included in the certificate request,
>>>> which is automatically generated by the device. I can't upload another
>>>> certificate (with another CN) because I got an alert that the certificate
>>>> doesn't match the request.
>>>> Is it possible to access the device via IP without warnings?
>>>>
>>>> michu162 wrote:
>>>>>
>>>>> I generated the SSL request, I signed it in my CA (openssl) and
>>>>> uploaded the signed certificate back to the device.
>>>>> I also generated ca.der and uploaded it to my Internet browser. When I
>>>>> try to open ilo, my browser gives a warning about a mismatched hostname.
>>>>>
>>>>> I'm accessing this device via IP address.
>>>>> I don't want to add these addresses to my DNS.
>>>>>
>>>>> In certificate request was:
>>>>> CN = some-iLO-2-Subsystem-Name
>>>>> OU = ISS
>>>>> O = Hewlett-Packard Development Company
>>>>> ST = Texas
>>>>> C = US
>>>>>
>>>>> In my CA certificate, which I used to sign the request, I've got:
>>>>> CN = in...@mycompany.com
>>>>> C = US
>>>>> ST = MyState
>>>>> L = myCity
>>>>> E = in...@mycompany.com
>>>>> OU = Infrastructure
>>>>> O = MyCompany SP zoo
>>>>>
>>>>> What should I do to connect to ilo without any warnings?
>>>>>
>>>>> To create my own CA I used:
>>>>> openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 3650 -config ./openssl.cnf
>>>>>
>>>>> To sign my certificate request I used:
>>>>> openssl ca -notext -in /etc/ssl/req.txt > /etc/ssl/ilocert.pem
>>>>>
>>>>> My OpenSSL configuration file:
>>>>> #
>>>>>
>>>>> # Establish working directory.
>>>>>
>>>>> dir                    = /etc/ssl
>>>>>
>>>>> [ ca ]
>>>>> default_ca                = CA_default
>>>>>
>>>>> [ CA_default ]
>>>>> serial                    = $dir/serial
>>>>> database                = $dir/index.txt
>>>>> new_certs_dir                = $dir/certs
>>>>> certificate                = $dir/cacert.pem
>>>>> private_key                = $dir/private/cakey.pem
>>>>> default_days                = 3650
>>>>> default_md                = md5
>>>>> preserve                = no
>>>>> email_in_dn                = no
>>>>> nameopt                    = default_ca
>>>>> certopt                    = default_ca
>>>>> policy                    = policy_match
>>>>>
>>>>> [ policy_match ]
>>>>> countryName                = optional
>>>>> stateOrProvinceName            = optional
>>>>> organizationName            = optional
>>>>> organizationalUnitName            = optional
>>>>> commonName                = supplied
>>>>> emailAddress                = optional
>>>>>
>>>>> [ req ]
>>>>> default_bits                = 1024            # Size of keys
>>>>> default_keyfile                = key.pem        # name of generated keys
>>>>> default_md                = md5                # message digest algorithm
>>>>> string_mask                = nombstr        # permitted characters
>>>>> distinguished_name            = req_distinguished_name
>>>>> req_extensions                = v3_req
>>>>>
>>>>> [ req_distinguished_name ]
>>>>> # Variable name                Prompt string
>>>>> #-------------------------      ----------------------------------
>>>>> 0.organizationName            = Organization Name (company)
>>>>> organizationalUnitName            = Organizational Unit Name (department, division)
>>>>> emailAddress                = Email Address
>>>>> emailAddress_max            = 40
>>>>> localityName                = Locality Name (city, district)
>>>>> stateOrProvinceName            = State or Province Name (full name)
>>>>> countryName                = Country Name (2 letter code)
>>>>> countryName_min                = 2
>>>>> countryName_max                = 2
>>>>> commonName                = Common Name (hostname, IP, or your name)
>>>>> commonName_max                = 64
>>>>>
>>>>> # Default values for the above, for consistency and less typing.
>>>>> # Variable name                Value
>>>>> #------------------------      ------------------------------
>>>>> 0.organizationName_default        = My Company
>>>>> localityName_default            = My Town
>>>>> stateOrProvinceName_default        = State or Providence
>>>>> countryName_default            = US
>>>>>
>>>>> [ v3_ca ]
>>>>> basicConstraints            = CA:TRUE
>>>>> subjectKeyIdentifier            = hash
>>>>> authorityKeyIdentifier            = keyid:always,issuer:always
>>>>>
>>>>> [ v3_req ]
>>>>> basicConstraints            = CA:FALSE
>>>>> subjectKeyIdentifier            = hash
>>>>>
>>>>> Can anyone help me?
>>>>>
>>>>>
>>>>
>>> 
>>> ______________________________________________________________________
>>> OpenSSL Project                                 http://www.openssl.org
>>> User Support Mailing List                    openssl-users@openssl.org
>>> Automated List Manager                           majord...@openssl.org
>>> 
>>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Why-does-my-browser-give-a-warning-about-a-mismatched-hostname-tp29237337p29317184.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
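
The behaviour discussed in this thread, as an added example that is not part of the original messages: an OpenSSL extension file keeps only the last value for a repeated key, so two `subjectAltName=` lines yield only the DNS entry, while one comma-separated line yields both. Assumptions: a throwaway CA and request are constructed on the spot, and `openssl x509 -req` stands in for `openssl ca` so that no CA database is needed; `-extfile` is read the same way.

```shell
#!/bin/sh
# Added example: sign a CSR with a given ip.ext and report the resulting SAN.
# The CA, keys, "Demo CA" name and 1-day lifetime are constructed for this demo.

# san_of_cert EXTFILE_CONTENTS -> prints the SAN line of the issued certificate
san_of_cert() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Minimal config so the run does not depend on a system openssl.cnf.
        printf '[req]\ndistinguished_name = dn\n[dn]\n' > min.cnf
        printf '%s\n' "$1" > ip.ext

        # Throwaway self-signed CA.
        openssl req -new -x509 -newkey rsa:2048 -nodes -config min.cnf \
            -subj '/CN=Demo CA' -keyout ca.key -out ca.pem -days 1 2>/dev/null
        # Request carrying the device-style CN quoted in the thread.
        openssl req -new -newkey rsa:2048 -nodes -config min.cnf \
            -subj '/CN=some-iLO-2-Subsystem-Name' \
            -keyout dev.key -out req.pem 2>/dev/null
        # Sign the request, taking the extensions from ip.ext.
        openssl x509 -req -in req.pem -CA ca.pem -CAkey ca.key \
            -set_serial 1 -days 1 -sha256 -extfile ip.ext \
            -out cert.pem 2>/dev/null

        # The value is printed on the line after the extension name.
        openssl x509 -in cert.pem -noout -text |
            grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
    )
    status=$?
    rm -rf "$work"
    return $status
}

# Two separate lines: the second assignment replaces the first.
echo "two lines: $(san_of_cert 'subjectAltName=IP:10.6.73.72
subjectAltName=DNS:server.infr')"

# One comma-separated line: both names are issued.
echo "one line : $(san_of_cert 'subjectAltName=IP:10.6.73.72,DNS:server.infr')"
```

Checking the issued certificate with `openssl x509 -noout -text` before uploading it to the device catches a dropped SAN entry early.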
