On Wed, Mar 10, 1999, Dan Roscigno wrote:
 
> > > Another thing that can be done is to have a wildcard cert
> > > (common name = *.domain) this will allow you to have
> > > foo.domain:443, bar.domain:443, www.domain:443 etc.  All of
> > > the domains have the same ip address and port, and they all
> > > use the same cert.  I know that Thawte issues these certs,
> > > not sure about anyone else.
> > 
> > But keep in mind that not all browsers support such certs.  At least they will
> > complain that the cert-CN doesn't match the host-FQDN.
> 
> Do you know off-hand which browsers complain?  I have only
> tested Netscape 4.03, IE 4.0, IE 5.02 beta.  These are all
> OK.  

When I remember correctly, it was IE4 or IE3 which disliked wildcarded CNs.
But I've forgotten. Look inside the SSLeay mailing list archives. There should
be details about this.
                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl)   www.engelschall.com/sw/mod_ssl/
Official Support Mailing List               [EMAIL PROTECTED]
Automated List Manager                       [EMAIL PROTECTED]

Reply via email to