Hi Hieuvt,
i don't see any problem with it, at least we put contact email (the
applicant responsible for the hostcert) in alternative name,
# openssl x509 -in /etc/grid-security/hostcert.pem -text |grep -A1
'Alternative Name'
X509v3 Issuer Alternative Name:
email:[log in to unmask],
URI:http://ca.grid.sinica.edu.tw/
X509v3 Subject Alternative Name:
email:[log in to unmask]
working on the ns service error observed at your wms box,
BR,
J
hieuvt wrote:
> Hi everybody,
>
> I am a newbie and have a confusion.
> As I understand, the SubjectAlternativeName of a host certificate must
> be the DNS name of the host. However, for my servers, the
> SubjectAlterrnativeName is an email address. Do I misunderstand or is
> there something incorrect?
>
> Thanks in advance!
>
> [root@ce ~]# openssl x509 -text -in /etc/grid-security/hostcert.pem
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 463 (0x1cf)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=FR, O=CNRS, CN=GRID2-FR
> Validity
> Not Before: May 26 12:34:44 2009 GMT
> Not After : May 26 12:34:44 2010 GMT
> Subject: O=GRID-FR, C=VN, O=VAST, OU=IOIT,
> CN=ce.ioit.vngrid.vinaren.vn
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (1024 bit)
> Modulus (1024 bit):
> 00:b8:a0:ce:4d:1e:96:89:2c:0d:7c:3a:ba:2d:7c:
> 08:c6:79:e5:c8:f0:2b:ff:2e:99:78:a7:35:9d:1d:
> dd:71:a2:f7:c3:70:2a:0c:d8:7b:17:70:3c:b7:4f:
> 9e:43:0e:d5:72:76:0a:6a:70:de:8b:64:3a:d6:73:
> 85:f4:f5:fc:b4:78:ac:eb:7f:f8:1b:9a:75:4e:3b:
> 58:c8:d1:56:05:ee:de:bb:e5:b2:e6:4f:76:f7:c9:
> 7c:80:6d:89:1d:8f:0c:09:74:45:fc:f1:3c:a9:10:
> 6d:da:ed:8f:9b:63:51:5f:2b:43:76:ef:a0:5c:f0:
> 3c:35:b9:7f:97:4b:bf:cd:75
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints: critical
> CA:FALSE
> Netscape Cert Type:
> SSL Client, SSL Server
> X509v3 Key Usage: critical
> Digital Signature, Non Repudiation, Key Encipherment, Data
> Encipherment, Key Agreement
> Netscape Comment:
> GRID2-FR server certificate
> X509v3 Subject Key Identifier:
> E0:E6:B3:05:DE:2C:B0:5D:D5:72:69:3F:49:4E:F3:1C:05:6F:34:F5
> X509v3 Authority Key Identifier:
>
> keyid:27:96:48:27:EE:21:B6:F2:AF:B1:2D:7D:FA:F7:D7:48:25:70:95:93
> DirName:/C=FR/O=CNRS/CN=CNRS2-Projets
> serial:03
>
> X509v3 Certificate Policies:
> Policy: 1.3.6.1.4.1.10813.1.1.8.1.1
>
> X509v3 Subject Alternative Name:
> email:[log in to unmask]
> X509v3 CRL Distribution Points:
> URI:http://crls.services.cnrs.fr/GRID2-FR/getder.crl
>
> 1.3.6.1.4.1.7650.1:
> unicoreNJS
> Signature Algorithm: sha1WithRSAEncryption
> 64:bc:2c:97:01:53:12:28:31:39:47:d7:40:bb:0d:f1:5d:ed:
> bd:fb:04:91:82:6b:5c:a9:9f:e4:90:76:03:90:18:43:a0:dc:
> 3b:36:51:70:5b:0c:a7:c7:3f:83:dd:16:b8:be:53:01:fc:57:
> 10:4a:71:92:ac:f0:f5:ba:00:60:92:9f:90:00:32:7c:68:2a:
> 5f:71:a1:b4:87:c8:47:08:91:84:e1:08:17:d9:7a:88:ad:ac:
> 25:a3:29:ee:9b:d0:49:c6:34:3c:8f:6e:cc:0f:91:fc:7d:be:
> 7c:2d:ef:75:66:cd:88:f8:4b:e3:fe:7e:16:94:cf:b1:1d:c0:
> 3d:8e:a2:99:ee:63:ef:41:6a:2d:c4:43:f3:19:52:bc:16:26:
> 69:9a:f0:5a:76:c1:74:ba:84:69:b5:b9:fe:c3:9f:e8:07:45:
> 29:07:50:cf:36:e5:7f:9d:6d:10:d0:4d:57:43:29:23:fd:3a:
> 4d:94:91:87:db:9f:60:1b:a3:ce:c0:36:ca:dd:6b:b1:7e:6a:
> c6:80:a1:5c:a6:51:5f:9d:72:0e:7e:18:e5:d5:53:b3:96:62:
> 4b:1d:88:ac:bd:af:09:ae:69:33:76:cf:92:e5:70:04:23:87:
> 79:3b:9c:0f:fd:a1:23:9e:2b:ad:1f:28:e5:68:86:b6:11:41:
> 3b:9b:2a:85
> -----BEGIN CERTIFICATE-----
> MIID/DCCAuSgAwIBAgICAc8wDQYJKoZIhvcNAQEFBQAwLzELMAkGA1UEBhMCRlIx
> DTALBgNVBAoTBENOUlMxETAPBgNVBAMTCEdSSUQyLUZSMB4XDTA5MDUyNjEyMzQ0
> NFoXDTEwMDUyNjEyMzQ0NFowYTEQMA4GA1UEChMHR1JJRC1GUjELMAkGA1UEBhMC
> Vk4xDTALBgNVBAoTBFZBU1QxDTALBgNVBAsTBElPSVQxIjAgBgNVBAMTGWNlLmlv
> aXQudm5ncmlkLnZpbmFyZW4udm4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
> ALigzk0eloksDXw6ui18CMZ55cjwK/8umXinNZ0d3XGi98NwKgzYexdwPLdPnkMO
> 1XJ2Cmpw3otkOtZzhfT1/LR4rOt/+BuadU47WMjRVgXu3rvlsuZPdvfJfIBtiR2P
> DAl0RfzxPKkQbdrtj5tjUV8rQ3bvoFzwPDW5f5dLv811AgMBAAGjggFyMIIBbjAM
> BgNVHRMBAf8EAjAAMBEGCWCGSAGG+EIBAQQEAwIGwDAOBgNVHQ8BAf8EBAMCA/gw
> KgYJYIZIAYb4QgENBB0WG0dSSUQyLUZSIHNlcnZlciBjZXJ0aWZpY2F0ZTAdBgNV
> HQ4EFgQU4OazBd4ssF3Vcmk/SU7zHAVvNPUwXAYDVR0jBFUwU4AUJ5ZIJ+4htvKv
> sS19+vfXSCVwlZOhOKQ2MDQxCzAJBgNVBAYTAkZSMQ0wCwYDVQQKEwRDTlJTMRYw
> FAYDVQQDEw1DTlJTMi1Qcm9qZXRzggEDMBkGA1UdIAQSMBAwDgYMKwYBBAHUPQEB
> CAEBMBwGA1UdEQQVMBOBEXZuZ3JpZEBpb2l0LmFjLnZuMEEGA1UdHwQ6MDgwNqA0
> oDKGMGh0dHA6Ly9jcmxzLnNlcnZpY2VzLmNucnMuZnIvR1JJRDItRlIvZ2V0ZGVy
> LmNybDAWBggrBgEEAbtiAQQKdW5pY29yZU5KUzANBgkqhkiG9w0BAQUFAAOCAQEA
> ZLwslwFTEigxOUfXQLsN8V3tvfsEkYJrXKmf5JB2A5AYQ6DcOzZRcFsMp8c/g90W
> uL5TAfxXEEpxkqzw9boAYJKfkAAyfGgqX3GhtIfIRwiRhOEIF9l6iK2sJaMp7pvQ
> ScY0PI9uzA+R/H2+fC3vdWbNiPhL4/5+FpTPsR3APY6ime5j70FqLcRD8xlSvBYm
> aZrwWnbBdLqEabW5/sOf6AdFKQdQzzblf51tENBNV0MpI/06TZSRh9ufYBujzsA2
> yt1rsX5qxoChXKZRX51yDn4Y5dVTs5ZiSx2IrL2vCa5pM3bPkuVwBCOHeTucD/2h
> I54rrR8o5WiGthFBO5sqhQ==
> -----END CERTIFICATE-----
>
--
Jason Shih
ASGC/OPS
Tel: +886-2-2789-8374
Fax: +886-2-2783-5434
|