Clayton Keller <inetad...@ruraltel.net> writes:

> First off, my apologies if this strays a bit off-list.
>
> I'm trying to set up a test environment using TLS and a self-signed
> certificate using Subject Alternative Name. From my research this
> should allow me to use multiple hostnames with a single certificate.
>
> I have no issues using TLS and a single domain with a self-signed
> cert. However, when creating the certificate using the multiple
> hostnames, I see the following type of issue:
>
> 1. The email client generates an error indicating the certificate is
> invalid and requires an exception be added.
>
> 2. The following shows up in my logging:
>
> ---
> Aug 24 14:41:54 mta-test postfix/smtpd[27174]: SSL3 alert
> read:fatal:bad certificate
>
> Aug 24 14:41:54 mta-test postfix/smtpd[27174]: warning: TLS library
> problem: 27174:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert
> bad certificate:s3_pkt.c:1086:SSL alert number 42:
> ---
>
> If anyone has experience with the use of Subject Alternative Name with
> their certificates any info would greatly be appreciated, or any
> additional info regarding the "SSL alert number 42" that I am seeing.

If you create server certificates with openssl just add to openssl.cnf

    ...
    [ usr_cert ]
    ...
    subjectAltName=DNS:localhost,DNS:smtp2.example.com,DNS:smtp3.example.com
    ...

and create and sign an appropriate server certificate.

-Dieter

--
Dieter Klünter | Systemberatung
sip: 7770...@sipgate.de
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
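
An added example, not part of either message: it builds a self-signed test certificate carrying the subjectAltName line from the reply and then checks which hostnames the resulting certificate really covers. It assumes a standalone config file with a hypothetical section name san_ext instead of an edited system openssl.cnf, because `openssl req -x509` takes its extensions from the section named by x509_extensions in [ req ]; the CN and the file names are also assumptions.

```shell
#!/bin/sh
# Added example: self-signed test certificate with several DNS SAN entries,
# followed by a check that the names are present in the certificate.

# make_san_cert DIR -> writes DIR/openssl-san.cnf, DIR/key.pem, DIR/cert.pem
make_san_cert() {
    dir=$1
    cat > "$dir/openssl-san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt             = no
x509_extensions    = san_ext

[ dn ]
CN = smtp2.example.com

[ san_ext ]
subjectAltName = DNS:localhost,DNS:smtp2.example.com,DNS:smtp3.example.com
EOF
    # umask keeps the unencrypted test key readable by its owner only
    (umask 077
     openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/openssl-san.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem")
}

# list_san CERT -> one SAN entry per line, e.g. "DNS:localhost"
list_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | tr -d ' '
}

# cert_covers CERT HOSTNAME -> exit 0 only on an exact DNS SAN match
# (wildcard entries are not expanded here)
cert_covers() {
    list_san "$1" | grep -qxF "DNS:$2"
}

workdir=$(mktemp -d)
make_san_cert "$workdir"
# mail.example.com is a constructed name that is deliberately not in the SAN list
for h in localhost smtp2.example.com smtp3.example.com mail.example.com; do
    if cert_covers "$workdir/cert.pem" "$h"; then
        echo "covered:     $h"
    else
        echo "NOT covered: $h"
    fi
done
```

If list_san prints nothing, the extension section was not applied and the certificate carries no SAN at all.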