You can give it a try with a wildcard CN=*.example.com

Ciprian
Sent from Vodafone BlackBerry
-----Original Message-----
From: pradyumna dash <neomatrix...@gmail.com>
Sender: owner-openssl-us...@openssl.org
Date: Tue, 13 Sep 2011 23:26:52
To: <openssl-users@openssl.org>
Reply-To: openssl-users@openssl.org
Subject: Issues with Creating a Certificate With Multiple Hostnames

Hi,

This is the setup I would like to have.

                   LDAP clients
          _____________|___________________
          |__________LoadBalancer1_________
          |                      |
    ldap1.example.com     ldap2.example.com

My challenge is that I have never done this kind of architecture before. My question is how to create the certificate, I mean what to provide in the common name, or how to create a certificate which can be shared across the servers; I am using "openssl"?

I am using SLES 11 (SP1) and the setup would be a Multi-Master replication.

I have tried modifying /etc/ssl/openssl.cnf; in the below section I have added the list of hosts:

    [usr_cert]
    subjectAltName = "DNS:ldap1.example.com, DNS: ldap2.example.com, DNS: lbldap.example.com"

but I am getting the below error while trying the openssl debug command and in my ldap log:

    SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:530
    SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:580

I have also tried:

    [CA_default]
    copy_extensions = copy

and keeping all the above entries in req_extensions = v3_req:

    [v3_req]
    subjectAltName = "DNS:ldap1.example.com, DNS: ldap2.example.com, DNS: lbldap.example.com"

But no luck. Please help.

Regards,
Neo
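As an added example (not code from either poster), the script below generates a self-signed certificate whose subjectAltName covers both LDAP servers and the load balancer name through a [v3_req] section like the one in the question, then reads the SAN back out of the issued certificate so the extension can be checked instead of assumed. It assumes the openssl CLI is installed; the example.com hostnames are the ones from the thread.

```shell
#!/bin/sh
# Added example: one key/cert pair shared by ldap1, ldap2 and the load
# balancer, with all three names in the SAN. Requires the openssl CLI.
set -eu

make_san_cert() {
    dir=$1
    mkdir -p "$dir"
    # Minimal config: [req] points at [v3_req], which carries the SAN.
    # Names go in a separate [alt_names] section, one DNS.n entry each.
    cat > "$dir/san.cnf" <<'EOF'
[req]
distinguished_name = req_dn
req_extensions     = v3_req
x509_extensions    = v3_req
prompt             = no

[req_dn]
CN = lbldap.example.com

[v3_req]
subjectAltName   = @alt_names
extendedKeyUsage = serverAuth

[alt_names]
DNS.1 = lbldap.example.com
DNS.2 = ldap1.example.com
DNS.3 = ldap2.example.com
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -config "$dir/san.cnf" -extensions v3_req >/dev/null 2>&1
}

# Print the SAN value line of a certificate, e.g. "DNS:a, DNS:b, DNS:c".
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Exit 0 if the certificate's SAN contains exactly the given DNS name.
san_has_host() {
    cert_san "$1" | tr ',' '\n' | sed 's/^ *//' | grep -qx "DNS:$2"
}
```

Clients that validate hostnames check the SAN list, so each name a client may connect to (here the load balancer name as well as the individual servers) has to appear there; the CN alone is not enough.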