On Sun, 2006-03-05 at 12:05 +0100, Christian Rose wrote:
> On 10/28/05, James Henstridge <[EMAIL PROTECTED]> wrote:
> > On 27/10/05 16:51, Ross Golder wrote:
> > >Would it? Doesn't each Apache secure vhost require a different IP
> > >address to bind to?
> > >
> >
> > You can vhost SSL sites pretty easily. If you don't care about the
> > "name doesn't match certificate" warnings the first time you go to the
> > site, set up is exactly the same.
> >
> > Alternatively, you can use the "subject alt name" extension in the
> > certificate, which will get rid of the warning for those names. I don't
> > recall how to do this with the openssl tools though.
> >
> > James.
>
> Alternatively, you can use a wildcard SSL certificate that will be
> valid for all websites *.gnome.org. The only restriction is that all
> web sites will need to be served as virtual hosts from the same
> machine (window?), where the certificate is then placed.
>
> Has anyone looked into this? A wildcard certificate need not be
> extremely expensive, for example http://www.rapidssl.com/ offers
> wildcard certificates for about $200.

One caveat about this is that if we did put a wildcard certificate on window, then it wouldn't make sense to, say, have a separate more closely guarded certificate for, say, 'store.gnome.org', since someone obtaining the wildcard certificate could impersonate store.gnome.org.

Not really a killer objection ... after all, users are probably about as likely to give their credit cards to an impersonated https://www.gnome.org as to an impersonated https://store.gnome.org, but worth at least keeping in mind.

Regards,
Owen

_______________________________________________
Gnome-infrastructure mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
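
Added example, not part of the thread: a small Python check of the caveat above, comparing which hosts depend on which private key under a wildcard certificate versus a "subject alt name" list. The certificate labels and the hostnames other than www.gnome.org and store.gnome.org are constructed for illustration.

```python
# Added example: which hosts does each certificate's private key put at risk?
# Hostnames other than www/store.gnome.org and all cert labels are constructed.

def name_matches(pattern, host):
    """RFC 6125-style match: '*' is honoured only as the entire left-most
    label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as "*.org".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def exposure(certs, inventory):
    """Map each certificate label to the inventory hosts its names cover,
    i.e. the hosts that can be impersonated if that key leaks."""
    return {
        label: sorted(h for h in inventory
                      if any(name_matches(n, h) for n in names))
        for label, names in certs.items()
    }

def keys_exposing(certs, inventory, host):
    """Labels of every certificate whose key compromise exposes `host`."""
    return sorted(label for label, hosts in exposure(certs, inventory).items()
                  if host in hosts)

# Constructed host inventory for the comparison.
INVENTORY = ["gnome.org", "www.gnome.org", "store.gnome.org",
             "mail.gnome.org", "api.store.gnome.org"]

# Plan A: wildcard on the shared machine plus a dedicated store certificate.
WITH_WILDCARD = {"window-wildcard": ["*.gnome.org"],
                 "store-dedicated": ["store.gnome.org"]}
# Plan B: explicit subject alt names on the shared machine instead.
WITH_SAN_LIST = {"window-san": ["www.gnome.org", "mail.gnome.org"],
                 "store-dedicated": ["store.gnome.org"]}

if __name__ == "__main__":
    for plan in (WITH_WILDCARD, WITH_SAN_LIST):
        print(exposure(plan, INVENTORY))
        print("store.gnome.org depends on:",
              keys_exposing(plan, INVENTORY, "store.gnome.org"))
```

Under the wildcard plan store.gnome.org depends on both keys, so guarding the dedicated key more closely gains nothing; with the subject alt name list it depends only on its own key.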
