that was me, the way I tried to sing certificate were... incorrect
apologies and great and many thanks to everybody
I can now ldapsearch on both slapd.domain.local and slap.domain.external with -ZZZ, all good (only cannot confirm if CN has to be repeated in subjectAltName as per Olo's tip, currently it IS repeatedin my cert) last bit is WPMU Ldap Auth on Wordpress 3.6.1 which is somehow not working :) hmm..
regards
On 10/21/2013 10:06 AM, Christian Kratzer wrote:
Hi,
On Mon, 21 Oct 2013, lejeczek wrote:
ok, above doesn't get me much more than what was in my command line but still no! subjectAltNames, I had a similar thought to what Quanah suggested but first, before I try different ssl toolchain I shall assume it is me messing thing up. I definitively have subjectAltNames in my request, the I sign:
Do you have them in the resulting request or certificate or do you have them ?
If you do have them then you should see them in the resulting request or certificate file.
openssl x509 -req -extensions v3_req -days 365 -in .... -signkey ... -out ...
where is the problem?
where are you specifying the actual subjectAltNames ?
I use following in the specific openssl.cnf I use for signing.
[ v3_req ] subjectAltName = $ENV::ALTNAME
I then supply the subjectAltnames and the COMMONNAME using the environment:
env COMMONNAME=$fqdn ALTNAME=$subjectAltName openssl req -new -nodes -keyout $CERTDIR/$name.key -out $CERTDIR/$name.csr -config $CONFIG
Greetings Christian