On 04/08/2007 08:40 PM, Sander Temme wrote:
On Apr 8, 2007, at 11:24 AM, Henrik Nordstrom wrote:
Related to this, in current versions of TLS the client MAY advertise
which host it is desiring to get connected to which would also require
this if implemented in Apache mod_ssl. (server_name
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Virtual hosts and SSL don't mix. Or so people say, for the simple reason
that in order to reach the HTTP negotiation an SSL connection must be
established first with a certificate/key pair.
If you give it a try, Apache fills its log with the SSL
sön 2007-04-08 klockan 18:48 +0100 skrev Jay L. T. Cornwall:
So the part I'm leading up to is: how about a way to turn off these
warnings? Or perhaps a simple certificate analysis to see if the
wildcard matches all the virtual hosts for which it serves?
Sounds good to me.
Related to this,
On Apr 8, 2007, at 11:24 AM, Henrik Nordstrom wrote:
sön 2007-04-08 klockan 18:48 +0100 skrev Jay L. T. Cornwall:
So the part I'm leading up to is: how about a way to turn off these
warnings? Or perhaps a simple certificate analysis to see if the
wildcard matches all the virtual hosts for
On 04/08/2007 08:24 PM, Henrik Nordstrom wrote:
sön 2007-04-08 klockan 18:48 +0100 skrev Jay L. T. Cornwall:
So the part I'm leading up to is: how about a way to turn off these
warnings? Or perhaps a simple certificate analysis to see if the
wildcard matches all the virtual hosts for which
On 04/08/2007 08:40 PM, Sander Temme wrote:
On Apr 8, 2007, at 11:24 AM, Henrik Nordstrom wrote:
Related to this, in current versions of TLS the client MAY advertise
which host it is desiring to get connected to which would also require
this if implemented in Apache mod_ssl. (server_name
Me again.
Sun, Apr 08, 2007 at 11:43:07PM +0400, Eygene Ryabinkin wrote:
In the presence of the subjectAltName with the DNS
entries in it, the DNS name of the server SHOULD (if memory servers
me right: I am not able to find the reference document now) be
checked against the subjectAltName
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ruediger Pluem wrote:
This is not a good idea. Even though the client does not complain about
a wrong certificate in the case of a wildcard certificate there are
still pitfalls on the server side. All virtual host specific SSL
configuration