On 18 May 00, at 13:40, Frank Knobbe at Home wrote:
> The certificate is issued to a domain, you are correct. However, what
> do you think the FQDN resolves to? An IP address... Also, on the
> server you typically install a certificate to a certain IP address if
> you have more than one site/IP address on the server.
What I meant was that the cert is not bound to the IP for the FQDN that it is
bound to; the FQDN can be bound to any IP that resolves to the server. I've
been through the process of changing my web server IPs from public to
private and using NAT at the firewall to map the public to the private, and it
went smoothly. As to a cert typically needing an IP address, I think
you'll find that it's a requirement unless you use some sort of wildcarding, as
the SSL connection has to be negotiated before the Host: header is sent for
the web server to deal with IP-less virtual servers, so it will serve the cert for
the IP rather than the expected one for the virtual server.
> In regards to load balancing, you can request certs for *.domain.com,
> and each www, www2, etc will use the same cert. However, we are
> drifting off topic since Harry's question was about NAT (and that
> usually involves IP addresses ;)
Except that this only works with a few browsers. I don't think that Netscape
supports wildcarding.
Dan
---
D.C. Crichton email: [EMAIL PROTECTED]
Senior Systems Analyst tel: +44 (0)121 706 6000
Computer Manuals Ltd. fax: +44 (0)121 606 0477
Computer book info on the web:
http://computer-manuals.co.uk/
Want to earn money? Join our affiliate scheme!
http://computer-manuals.co.uk/affiliate/
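
The behaviour discussed in this message, as an added example that is not part of the original post: the server can only choose a certificate by the local IP the connection arrived on, while the client checks the certificate name against the FQDN it asked for, so NAT between public and private addresses does not affect the check. All names, addresses and the NAT table are constructed, and the wildcard rule (whole left-most label only) is a simplifying assumption.

```python
# Added illustration (constructed data): which certificate a server can pick
# during the SSL handshake, and what the client then checks it against.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate name against the requested FQDN.
    A '*' is honoured only as the whole left-most label (*.domain.com)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

# Constructed server config: one certificate per local (private) address,
# because the Host: header has not been sent when the cert is presented.
CERT_BY_LOCAL_IP = {
    "10.0.0.10": ["www.example.com"],
    "10.0.0.11": ["*.example.org"],
}

# Constructed firewall NAT table: public address -> private address.
NAT = {"192.0.2.10": "10.0.0.10", "192.0.2.11": "10.0.0.11"}

def handshake(requested_fqdn: str, resolved_ip: str) -> bool:
    """Client resolves the FQDN to resolved_ip, the firewall NATs it, the
    server picks the cert for the local IP, the client checks the name."""
    local_ip = NAT.get(resolved_ip, resolved_ip)
    cert_names = CERT_BY_LOCAL_IP.get(local_ip, [])
    return any(name_matches(n, requested_fqdn) for n in cert_names)

if __name__ == "__main__":
    for fqdn, ip in [("www.example.com", "192.0.2.10"),   # via NAT
                     ("www.example.com", "10.0.0.10"),    # direct, private IP
                     ("www2.example.org", "192.0.2.11"),  # wildcard cert
                     ("shop.example.com", "192.0.2.10")]: # 2nd vhost, same IP
        print(fqdn, ip, "OK" if handshake(fqdn, ip) else "name mismatch")
```

The last case is the IP-less virtual server problem: a second site sharing the address is served the certificate installed for that IP, and the name check fails.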