Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 11 Aug 2004 11:08:20 -0600
From:      RYAN vAN GINNEKEN <maillist@computerking.ca>
To:        questions@freebsd.org
Subject:   opennssl certs
Message-ID:  <411A5284.4090207@computerking.ca>

next in thread | raw e-mail | index | archive | help
I have created my own root certificate and key so i can become my own
CA.  Have created singed certs for my imap smtp and webmail server
using the common name  computerking.ca.  This works fine for mozilla but
with microsoft' s outlook and explorer i get errors  about the CN name
not matching the server name ie the name of the security certificate is
invalid or does not match the name of the site.  So now i have tried to
create several certs with different CN names ( need one  for
mail.computerking and one for mail1.computerking.ca ) and signing them
with the same CA but i get this error.

v22.computerking.ca > /usr/local/sslcerts #openssl ca -out name-cert.pem
-config ./openssl.cnf -infiles name-req.pem
Using configuration from ./openssl.cnf
Enter pass phrase for ./private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName      :PRINTABLE:'Computerking'
organizationalUnitName:PRINTABLE:'Computerking Security'
localityName          :PRINTABLE:'Calgary'
stateOrProvinceName   :PRINTABLE:'Alberta'
countryName           :PRINTABLE:'CA'
commonName            :PRINTABLE:'mail1.computerking.ca'
Certificate is to be certified until Aug  9 07:50:02 2014 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2

Is there a way to make just one cert that will work for microsoft
products because the CN computerking.ca does not work for either
mail1.computerking.ca or mail.computerking.  Everything seems to work
fine in Mozilla  to bad  i have clients that insist on using microsoft.
Would an IP address work for microsoft????



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411A5284.4090207>