Parsing the extensions I get:
DEBUG 2015-09-18T10:52:21.234 "Exentensions: 4"
DEBUG 2015-09-18T10:52:21.234 "\"basicConstraints\" IsSupported: true"
DEBUG 2015-09-18T10:52:21.234 "\"keyUsage\" IsSupported: false"
DEBUG 2015-09-18T10:52:21.234 "\"extendedKeyUsage\" IsSupported: false"
DEBUG 2015-09-18T10:52:21.234 "\"subjectAltName\" IsSupported: false"
So this means that Subject Alternative Names isn't supported. How do I enable support for this?
Added after 44 minutes:
It seems that the SAN in the cert looks like this:
Subject Alternative Names: IP Address:127.0.0.1, IP Address:10.8.0.1, IP Address:174.36.209.157
Could it be that it isn't returning anything because
QMultiMap<QSsl::AlternativeNameEntryType, QString> altNames = cert.subjectAlternativeNames();
QMultiMap<QSsl::AlternativeNameEntryType, QString> altNames = cert.subjectAlternativeNames();
To copy to clipboard, switch view to plain text mode
Is expecting one of these:
enum AlternativeNameEntryType {
EmailEntry,
DnsEntry
};
enum AlternativeNameEntryType {
EmailEntry,
DnsEntry
};
To copy to clipboard, switch view to plain text mode
Added after 54 minutes:
I downloaded their source to see how they were populating the SAN stuff. Apparently, they only populate it if it is a DNS or Email entry. I found a sample cert online to parse to test this. I was right:
DEBUG 2015-09-18T12:34:04.894 "Subject Alternate Names (DNS):"
DEBUG 2015-09-18T12:34:04.897 "\"uat-apas.sait.ca\""
DEBUG 2015-09-18T12:34:04.897 "\"uat-integration.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"cp-uat.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"cp.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"*.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "Alternate Subject Names (Email):"
DEBUG 2015-09-18T12:34:04.894 "Subject Alternate Names (DNS):"
DEBUG 2015-09-18T12:34:04.897 "\"uat-apas.sait.ca\""
DEBUG 2015-09-18T12:34:04.897 "\"uat-integration.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"cp-uat.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"cp.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "\"*.sait.ca\""
DEBUG 2015-09-18T12:34:04.898 "Alternate Subject Names (Email):"
To copy to clipboard, switch view to plain text mode
Thoughts? Do I just add the IP as a DNS entry in our certs?
Bookmarks