Howard Chu hyc@symas.com wrote:
http://openssl.org/docs/apps/ca.html# http://openssl.org/docs/apps/x509v3_config.html#
I should note that these are the same man pages that are bundled in the OpenSSL packages themselves. It seems odd to go to search engines when the info you're looking for is already on your own machine. It seems odd to go to search engines instead of the home web sites of the actual software you're working with...
Well, that documentation (which I already checked) is a good reference documentation, but it's a very poor for learning how to actually do things.
I found no documentation what should exactly be done to generate certificates with subjectAltName for a bunch of machines sharing the same DNS address. After loosing a lot of time on it, I reported how I created certificates with subjectAltName, with the hope it could help others that would face the same problem: http://www.openldap.org/lists/openldap-software/200707/msg00326.html
Nobody told me it was wrong, which proves either that this setup is really not obvious for anyone, or that it is of no interest to anyone. I'll retain the first alternative and I'll post an update when I'll have found how this should be done.
However, having to loose days of work on problems that other already solved is very frustrating.