On Fri, Jan 02, 2004 at 02:09:39AM -0800, [EMAIL PROTECTED] wrote:
> I run several SSL enabled services on a single host. Especially since 
> some of these don't run as root, I want to create a different 
> certificate, with a different DN, for each service. However, each 
> service certificate's CN must be the FQDN of the host.

Are you sure? There might be "www.example.com", "mail.example.com"
and "dragonfly.example.com" each resolving to the same IP address
with dragonfly being the Unix hostname and www being the Apache ServerName.

> The kerberos 
> principal syntax, "service/FQDN" (eg. "imap/hal.discovery") doesn't 
> work; the CN must match the FQDN exactly.
> 
> Is there a recommended style for synthesizing unique DNs for different 
> services on the same host?

What's the problem if someone types www.example.com into the browser and
gets a server certificate issued to www (hosted at dragonfly)?

regards,
Vadim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
