[IT] How to generate a certificate including 2 common names

Hi,
to generate a certificate including 2 common names we are editing
/etc/ssl/openssl.cnf
this time.

Why?

To connect an iPhone4s and non4s devices we needed to run either two processes or using the guzzoni certificate on the non4s devices to connect to the proxy ( needed to edit /etc/hosts on non4s devices )
So with this method you can run one process with two common names included in one certificate.
Install it on your phones and use them over wifi and 3g

How does it work?

In the /etc/ssl/openssl.cnf we can edit and add requirements.
This means we can tell it what to ask for, the next time we are generating a certificate.

What do we need to add?

navigate to [ req_distinguished_name ] and find commonName_default
Replace it with the following

0.commonName_default = guzzoni.apple.com
0.commonName_max = 64
1.commonName = Common Name (eg, YOUR name)
1.commonName_default = www.domain.org
1.commonName_max = 64

Replace www.domain.org with your dyndns or static ip.
Now you can generate a new certificate with two common names.

cheers!
@AddiGaz

Twitter

Ich will ein druckfrisches #seoquartett von @beilharz gewinnen: t.co/CtyBxYKd #

@xlnzee @freemanrepo well its ready for weeks ... Just have no Time ... But soon :) #

Just a Bit busy here ... Soon there will be News =) #

@JimmyKane9 analyze the full packages. check there for new stuff. beside that the topic in the forum is pretty misleading. #

@theX0nic hihi nee lass mal ;-) #

5 Antworten zu [IT] How to generate a certificate including 2 common names

Feed für diesen Eintrag

1206 Hatzl 2012-01-10 9:29 pm

Gibts nen unterschied zwischen dieser methode oder ob ich den SiriProxy zweimal starte?
1207 Hatzl 2012-01-10 9:31 pm

& wie kann ich ein zertifikat mit 2 common name erstellen ? :O
1211 Wayne 2012-01-11 12:28 pm

@Hatzl Im Prinzip ist es das Gleiche wie zwei Server laufen zu lassen mit dem Vorteil dass nur einer läuft, funktioniert bei mir fantastisch.
Wie du es machst steht ja hier beschrieben. Danach wie bisher die Prozedur zu Zertifikaterstellung durchgehen, dir fällt dann beim Erstellen schon auf dass nach zwei Common Names gefragt wird.
1214 moe 2012-01-12 12:31 pm

I think it should be
0.commonName = Common Name (eg, YOUR name)
0.commonName_default = guzzoni.apple.com
0.commonName_max = 64
1.commonName = Common Name (eg, YOUR name)
1.commonName_default = Your dydns/IP/HOSTNAME
1.commonName_max = 64
@Hatzl just run the following again. make sure you put guzzoni.apple.com and your ip/dyndns/hostname in the TWO common names when prompted
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.passless.crt
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.passless.key
good luck
1236 Nian 2012-01-20 5:36 pm

Remember H1Siri? I couldn't figure out why it doesn't install a CA.crt when we could connect to their server.
Please Help.

Ketchup-Mayo-Senf.de - Blog

Why?

How does it work?

What do we need to add?

5 Antworten zu [IT] How to generate a certificate including 2 common names

Antwort hinterlassen

Durchsuchen

Über

Twitter

Feeds

Neueste Einträge

Blogroll

tags

Benutzer