Do NetScape & IE support such *.domain certs?
Juergen
-----Original Message-----
From: Ralf S. Engelschall [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, March 11, 1999 3:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Multiple Certificates?
On Wed, Mar 10, 1999, Dan Roscigno wrote:
> > > Oh?! Does this imply that you can have multiple virtual SSL hosts hanging
> > > off the same IP address?
> >
> > No, I'm just talking about virtual hosts and implicitly assumed that this in
> > SSL-context always means IP-based. In other words: The virtual hosts cannot
> > share the same IP, of course.
> >
> > > There was a discussion some time ago, and as far as I remember you could
> > > only have one SSL site per IP address, is that not true?
> >
> > Yes and no. Yes in general, no when you take TCP ports into account, too.
> > Because the IP:Port is actually what has to be unique, i.e. you can use two
> > HTTPS servers without problems on IP:443 and IP:8443, of course.
>
> Another thing that can be done is to have a wildcard cert
> (common name = *.domain) this will allow you to have
> foo.domain:443, bar.domain:443, www.domain:443 etc. All of
> the domains have the same ip address and port, and they all
> use the same cert. I know that Thawte issues these certs,
> not sure about anyone else.
But keep in mind that not all browsers support such certs. At least they will
complain that the cert-CN doesn't match the host-FQDN.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]