services/Certificate-Authority.md
... ...
@@ -1,6 +1,19 @@
1 1
# SSL Certificate Authority
2 2
3
-internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses. If you would like to trust the certificate import the following:
3
+internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses.
4
+
5
+The name constraints can be verified for example by using openssl:
6
+```
7
+ openssl x509 -in dn42.crt -text -noout
8
+```
9
+which will show among other things:
10
+```
11
+ X509v3 Name Constraints:
12
+ Permitted:
13
+ DNS:.dn42
14
+```
15
+
16
+If you would like to trust the certificate import the following:
4 17
5 18
```
6 19
-----BEGIN CERTIFICATE-----
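Review bot: The sample output in the added block lists only `DNS:.dn42` under Permitted, while the sentence at the top of the page says the CA is also limited to 172.22.0.0/15 IP addresses, so a reader comparing their own `openssl x509 -text` output against this excerpt cannot tell whether an IP entry is expected. Either include the IP entry in the excerpt or say explicitly that the excerpt is truncated and which entries should appear. The command also reads `dn42.crt`, but the certificate only appears further down the page. Add a sentence telling the reader to save the PEM block below as `dn42.crt` first, or move the verification step after the certificate. Finally, the excerpt shows the `X509v3 Name Constraints:` header without a critical marker. State whether that is the expected output, since clients that do not process name constraints will ignore a non-critical extension.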