At 01:30 PM 4/10/00 -0400, you wrote:
>On Monday, April 10, 2000 10:50 AM, Jon Earle [SMTP:[EMAIL PROTECTED]]
>wrote:
> > It would be whatever the machine is called, in your case,
> > secure.macinshop.be. As I understand it, and folks, please correct any
> > misunderstandings, the CN within the certificate is used by the browser
>to
> > verify that the machine sending the data is actually that box, and not
>some
> > other box that someone at that site created. The certificate is unique
>to
> > a specific machine. There are site certificates that use a wildcard in
>the
> > CN, but I think I remember Netscape and IE both complaining about the
>fact
> > that the wildcard didn't match the hostname sending the certificate.
> >
> > Jon
>
>
>Jon,
>
> I believe that what you wrote isn't accurate. The CN is actually the
>name the ip address resolves to, and not the name the machine resolves to.
> If it were the machine, then you could only have on secure site per
>machine. This is not the case. You can have as many secure sites on a
>machine as you can IP addresses to support them.
Yes, you are correct (my phrasing was incorrect), and this is what we have
at our site (2 certs for two virtual hosts on the same physical box). My
point was that a site named 'webmail.mydomain.com' cannot use a cert issued
for 'www.mydomain.com' as the CN will not match the site's hostname,
whether both sites are hosted on the same machine, or on different machines.
Thanks!
Jon
-----------------------------------------------------------------
Jon Earle (613) 612-0946 (Cell)
HUB Computer Consulting Inc. (613) 830-1499 (Office)
http://www.hubcc.ca 1-888-353-7272 (Within Canada/US)
"God does not subtract from one's alloted time on Earth,
those hours spent flying." --Unknown
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
