Date: Wed, 11 Aug 2004 11:08:20 -0600 From: RYAN vAN GINNEKEN <maillist@computerking.ca> To: questions@freebsd.org Subject: opennssl certs Message-ID: <411A5284.4090207@computerking.ca>
next in thread | raw e-mail | index | archive | help
I have created my own root certificate and key so i can become my own CA. Have created singed certs for my imap smtp and webmail server using the common name computerking.ca. This works fine for mozilla but with microsoft' s outlook and explorer i get errors about the CN name not matching the server name ie the name of the security certificate is invalid or does not match the name of the site. So now i have tried to create several certs with different CN names ( need one for mail.computerking and one for mail1.computerking.ca ) and signing them with the same CA but i get this error. v22.computerking.ca > /usr/local/sslcerts #openssl ca -out name-cert.pem -config ./openssl.cnf -infiles name-req.pem Using configuration from ./openssl.cnf Enter pass phrase for ./private/cakey.pem: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows organizationName :PRINTABLE:'Computerking' organizationalUnitName:PRINTABLE:'Computerking Security' localityName :PRINTABLE:'Calgary' stateOrProvinceName :PRINTABLE:'Alberta' countryName :PRINTABLE:'CA' commonName :PRINTABLE:'mail1.computerking.ca' Certificate is to be certified until Aug 9 07:50:02 2014 GMT (3650 days) Sign the certificate? [y/n]:y failed to update database TXT_DB error number 2 Is there a way to make just one cert that will work for microsoft products because the CN computerking.ca does not work for either mail1.computerking.ca or mail.computerking. Everything seems to work fine in Mozilla to bad i have clients that insist on using microsoft. Would an IP address work for microsoft????
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?411A5284.4090207>