On Mon, 6 Feb 2012 12:12:31 +0000
David O'Callaghan wrote:
> Hi Arnau,
Hi David,
after reading your reply I realized that my question was wrong.
> 3.3.12 subjectAlternativeName, issuerAlternativeName
>
> The subjectAlternativeName extension SHOULD be present for server
> certificates (including “host” and “service” certificates in the grid
> context), and, if present, MUST contain at least one FQDN in the
> dNSName attribute. If an end-entity certificate needs to contain an
>
> rfc822 email address, this rfc822 address SHOULD be included as an
> rfc822Name attribute in this extension only.
>
> For use with web server certificates, multiple FQDNs dNSName
> attributes can be added to allow name-based virtual hosting of
> secured web sites.
>
> (from http://www.ogf.org/documents/GFD.125.pdf)
I would like to ask for having DNS alias entries in X509v3 Subject
Alternative Name, not to ask about the DNS entry itself.
For example:
instead of:
# openssl x509 -in hostcert.pem -noout -text|grep -A1 'Subject Alternative Name'
X509v3 Subject Alternative Name:
URI:http://www.irisgrid.es/eeResolver?ee=a2b493c1, DNS:argus01.pic.es
having something like:
# openssl x509 -in hostcert.pem -noout -text|grep -A1 'Subject Alternative Name'
X509v3 Subject Alternative Name:
URI:http://www.irisgrid.es/eeResolver?ee=a2b493c1, DNS:argus01.pic.es, DNS:argus.pic.es
[...]
from your mail I guess the reply is yes.
> Kind regards,
> David
Many thanks for your reply,
Arnau
|