Hi everybody,
I am a newbie and have a confusion.
As I understand, the SubjectAlternativeName of a host certificate must
be the DNS name of the host. However, for my servers, the
SubjectAlterrnativeName is an email address. Do I misunderstand or is
there something incorrect?
Thanks in advance!
[root@ce ~]# openssl x509 -text -in /etc/grid-security/hostcert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 463 (0x1cf)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=FR, O=CNRS, CN=GRID2-FR
Validity
Not Before: May 26 12:34:44 2009 GMT
Not After : May 26 12:34:44 2010 GMT
Subject: O=GRID-FR, C=VN, O=VAST, OU=IOIT,
CN=ce.ioit.vngrid.vinaren.vn
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b8:a0:ce:4d:1e:96:89:2c:0d:7c:3a:ba:2d:7c:
08:c6:79:e5:c8:f0:2b:ff:2e:99:78:a7:35:9d:1d:
dd:71:a2:f7:c3:70:2a:0c:d8:7b:17:70:3c:b7:4f:
9e:43:0e:d5:72:76:0a:6a:70:de:8b:64:3a:d6:73:
85:f4:f5:fc:b4:78:ac:eb:7f:f8:1b:9a:75:4e:3b:
58:c8:d1:56:05:ee:de:bb:e5:b2:e6:4f:76:f7:c9:
7c:80:6d:89:1d:8f:0c:09:74:45:fc:f1:3c:a9:10:
6d:da:ed:8f:9b:63:51:5f:2b:43:76:ef:a0:5c:f0:
3c:35:b9:7f:97:4b:bf:cd:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment, Data
Encipherment, Key Agreement
Netscape Comment:
GRID2-FR server certificate
X509v3 Subject Key Identifier:
E0:E6:B3:05:DE:2C:B0:5D:D5:72:69:3F:49:4E:F3:1C:05:6F:34:F5
X509v3 Authority Key Identifier:
keyid:27:96:48:27:EE:21:B6:F2:AF:B1:2D:7D:FA:F7:D7:48:25:70:95:93
DirName:/C=FR/O=CNRS/CN=CNRS2-Projets
serial:03
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.10813.1.1.8.1.1
X509v3 Subject Alternative Name:
email:[log in to unmask]
X509v3 CRL Distribution Points:
URI:http://crls.services.cnrs.fr/GRID2-FR/getder.crl
1.3.6.1.4.1.7650.1:
unicoreNJS
Signature Algorithm: sha1WithRSAEncryption
64:bc:2c:97:01:53:12:28:31:39:47:d7:40:bb:0d:f1:5d:ed:
bd:fb:04:91:82:6b:5c:a9:9f:e4:90:76:03:90:18:43:a0:dc:
3b:36:51:70:5b:0c:a7:c7:3f:83:dd:16:b8:be:53:01:fc:57:
10:4a:71:92:ac:f0:f5:ba:00:60:92:9f:90:00:32:7c:68:2a:
5f:71:a1:b4:87:c8:47:08:91:84:e1:08:17:d9:7a:88:ad:ac:
25:a3:29:ee:9b:d0:49:c6:34:3c:8f:6e:cc:0f:91:fc:7d:be:
7c:2d:ef:75:66:cd:88:f8:4b:e3:fe:7e:16:94:cf:b1:1d:c0:
3d:8e:a2:99:ee:63:ef:41:6a:2d:c4:43:f3:19:52:bc:16:26:
69:9a:f0:5a:76:c1:74:ba:84:69:b5:b9:fe:c3:9f:e8:07:45:
29:07:50:cf:36:e5:7f:9d:6d:10:d0:4d:57:43:29:23:fd:3a:
4d:94:91:87:db:9f:60:1b:a3:ce:c0:36:ca:dd:6b:b1:7e:6a:
c6:80:a1:5c:a6:51:5f:9d:72:0e:7e:18:e5:d5:53:b3:96:62:
4b:1d:88:ac:bd:af:09:ae:69:33:76:cf:92:e5:70:04:23:87:
79:3b:9c:0f:fd:a1:23:9e:2b:ad:1f:28:e5:68:86:b6:11:41:
3b:9b:2a:85
-----BEGIN CERTIFICATE-----
MIID/DCCAuSgAwIBAgICAc8wDQYJKoZIhvcNAQEFBQAwLzELMAkGA1UEBhMCRlIx
DTALBgNVBAoTBENOUlMxETAPBgNVBAMTCEdSSUQyLUZSMB4XDTA5MDUyNjEyMzQ0
NFoXDTEwMDUyNjEyMzQ0NFowYTEQMA4GA1UEChMHR1JJRC1GUjELMAkGA1UEBhMC
Vk4xDTALBgNVBAoTBFZBU1QxDTALBgNVBAsTBElPSVQxIjAgBgNVBAMTGWNlLmlv
aXQudm5ncmlkLnZpbmFyZW4udm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
ALigzk0eloksDXw6ui18CMZ55cjwK/8umXinNZ0d3XGi98NwKgzYexdwPLdPnkMO
1XJ2Cmpw3otkOtZzhfT1/LR4rOt/+BuadU47WMjRVgXu3rvlsuZPdvfJfIBtiR2P
DAl0RfzxPKkQbdrtj5tjUV8rQ3bvoFzwPDW5f5dLv811AgMBAAGjggFyMIIBbjAM
BgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIGwDAOBgNVHQ8BAf8EBAMCA/gw
KgYJYIZIAYb4QgENBB0WG0dSSUQyLUZSIHNlcnZlciBjZXJ0aWZpY2F0ZTAdBgNV
HQ4EFgQU4OazBd4ssF3Vcmk/SU7zHAVvNPUwXAYDVR0jBFUwU4AUJ5ZIJ+4htvKv
sS19+vfXSCVwlZOhOKQ2MDQxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRYw
FAYDVQQDEw1DTlJTMi1Qcm9qZXRzggEDMBkGA1UdIAQSMBAwDgYMKwYBBAHUPQEB
CAEBMBwGA1UdEQQVMBOBEXZuZ3JpZEBpb2l0LmFjLnZuMEEGA1UdHwQ6MDgwNqA0
oDKGMGh0dHA6Ly9jcmxzLnNlcnZpY2VzLmNucnMuZnIvR1JJRDItRlIvZ2V0ZGVy
LmNybDAWBggrBgEEAbtiAQQKdW5pY29yZU5KUzANBgkqhkiG9w0BAQUFAAOCAQEA
ZLwslwFTEigxOUfXQLsN8V3tvfsEkYJrXKmf5JB2A5AYQ6DcOzZRcFsMp8c/g90W
uL5TAfxXEEpxkqzw9boAYJKfkAAyfGgqX3GhtIfIRwiRhOEIF9l6iK2sJaMp7pvQ
ScY0PI9uzA+R/H2+fC3vdWbNiPhL4/5+FpTPsR3APY6ime5j70FqLcRD8xlSvBYm
aZrwWnbBdLqEabW5/sOf6AdFKQdQzzblf51tENBNV0MpI/06TZSRh9ufYBujzsA2
yt1rsX5qxoChXKZRX51yDn4Y5dVTs5ZiSx2IrL2vCa5pM3bPkuVwBCOHeTucD/2h
I54rrR8o5WiGthFBO5sqhQ==
-----END CERTIFICATE-----
--
Vu Trong Hieu,
Institute of Information Technology, Vietnam Academy of Science and
Technology - Hanoi, Vietnam
|