Impossible to make SSL AltName to work
Hello everybody,
I would like to access a https server using the IP in the URL string with my browser without having the certificate warning. Right now, I have my CA certificate imported into my browser and the server private key and certificate placed into the https server. The cn field equals the fqdn: myserver.example.com When I access myserver.example.com with my broswer everything just works fine. = I read that I should use subjectAltName if I wanted to access this server with the IP 1.1.1.1 So I modified the openssl.cnf I regenerated my server certificate and signed it with the CA. Code:
# openssl x509 -in servercert.crt -noout -text Code:
Subject: C=FR, ST=IDF, L=Paris, O=MyOrg, OU=MyDpt, CN=myserver.example.com/subjectAltName=1.1.1.1/emailAddress=email@example.com Code:
#openssl s_client -connect 1.1.1.1:443 -state -debug Code:
subject=/C=FR/ST=IDF/L=Paris/O=MyOrg/OU=MyDpt/CN=myserver.example.com/subjectAltName=1.1.1.1/emailAddress=email@example.com Code:
#openssl s_client -connect 1.1.1.1:443 -state -debug Code:
subject=/C=FR/ST=IDF/L=Paris/O=MyOrg/OU=MyDpt/CN=myserver.example.com/subjectAltName=IP:1.1.1.1/emailAddress=email@example.com Does someone have an idea on how to troubleshoot this ? |
You've installed a cert for 1.1.1.1 but it's actually at 10.200.108.162 ?
|
Hello linosaurusroot,
Yes I miswrote the address because I wanted to have a generic address on the forum. I have corrected it now. I also tried IP:1.1.1.1 as an alternative name, it didn't work. Thank you |
All times are GMT -5. The time now is 01:01 AM. |