On Wed, Mar 10, 1999, Dan Roscigno wrote:
> > > Another thing that can be done is to have a wildcard cert
> > > (common name = *.domain) this will allow you to have
> > > foo.domain:443, bar.domain:443, www.domain:443 etc. All of
> > > the domains have the same ip address and port, and they all
> > > use the same cert. I know that Thawte issues these certs,
> > > not sure about anyone else.
> >
> > But keep in mind that not all browsers support such certs. At least they will
> > complain that the cert-CN doesn't match the host-FQDN.
>
> Do you know off-hand which browsers complain? I have only
> tested Netscape 4.03, IE 4.0, IE 5.02 beta. These are all
> OK.
When I remember correctly, it was IE4 or IE3 which disliked wildcarded CNs.
But I've forgotten. Look inside the SSLeay mailing list archives. There should
be details about this.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]