> From: owner-openssl-us...@openssl.org On Behalf Of Hopkins, Nathan
> Sent: Wednesday, 31 August, 2011 21:32
> I tested with below, all looks good. After running I am converting
> to .der files and generating a keystore with ImportKey.java -
> could this be removing what is needed?
"looks good" means 'x509 -text -noout' DOES show S-A-N?
If it's in the cert at all, it's within the signed part,
so nothing that processes the cert can remove or modify it
without invalidating the signature, which should cause
(hopefully obvious) errors whenever it is used for anything.
> From: owner-openssl-us...@openssl.org
<owner-openssl-us...@openssl.org>
> Before using the cert, test it with the command:
> openssl x509 -in yourcert.cer -noout -text
> If the parameters were in the right place, you should see all the
extra
> names as
> "SubjectAlternativeName" attributes in the cert.
> On 8/31/2011 11:52 PM, Hopkins, Nathan wrote:
<snip>
> > I have also observed when viewing the certificates I am unable to
see
> > any references to the alt_names added, I have double checked the
CA
> > certificate created with below steps has been successfully added
to
> > Authorities and for the CN it works as expected.
'viewing the certificates' where and how?
If it's in a java keystore, keytool -list -v should show all extensions
including S-A-N.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
