How to verify the DNS name constraint

dn42 wiki commited 2015-01-26 23:18:00 +0000 commit 89f0bdaac5c979bdce826ce81ca766b5b6a0adec

				services/Certificate-Authority.md
			
          @@ -1,6 +1,19 @@

           # SSL Certificate Authority

          -internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses. If you would like to trust the certificate import the following:

          +internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses. 

          +

          +The name constraints can be verified for example by using openssl:

          +```

          +    openssl x509 -in dn42.crt -text -noout

          +```

          +which will show among other things:

          +```

          +    X509v3 Name Constraints: 

          +      Permitted:

          +        DNS:.dn42

          +```

          +

          +If you would like to trust the certificate import the following:

           ```

           -----BEGIN CERTIFICATE-----

...	...	@@ -1,6 +1,19 @@
1	1	# SSL Certificate Authority
2	2
3		-internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses. If you would like to trust the certificate import the following:
	3	+internal.dn42 is signed by an internally maintained CA that is only allowed to sign *.dn42 domains or 172.22.0.0/15 ip addresses.
	4	+
	5	+The name constraints can be verified for example by using openssl:
	6	+```
	7	+ openssl x509 -in dn42.crt -text -noout
	8	+```
	9	+which will show among other things:
	10	+```
	11	+ X509v3 Name Constraints:
	12	+ Permitted:
	13	+ DNS:.dn42
	14	+```
	15	+
	16	+If you would like to trust the certificate import the following:
4	17
5	18	```
6	19	-----BEGIN CERTIFICATE-----