Fun with Alternative Names in Certificates

February 1, 2008 at 7:55 am | Posted in Uncategorized | Leave a comment

Yesterday we eventually got around to putting new certificates on our servers at work. And we tried to do it right. In particular we wanted the certificates to be valid for all DNS names, the server can be accessed with.

Easy! Use Alternative Names! So in addition to the Common Name we’ve had before, we put in all the other DNS names as alternative names. Bummer!

The result with Firefox (on various platforms):

When trying the Common Name: The familiar popup

You have attempted to establish a connection with “<Common Name>”. However, the security certificate presented belongs to “<Common Name>”…

Note the funny twist with mentioning twice the same name.

When trying one of the alternative names, it worked well.

So the lesson we learnt: Add the Common Name as Alternative Name, too, and you’ll be happy.


Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at
Entries and comments feeds.

%d bloggers like this: