I've a cert w/ CN of the form FOO.BAR.BAZ which is in use on a box serving that hostname. Bringing up a replacement for that box, I gave the new site a name of the form test.FOO.BAR.BAZ and installed a copy of the key and crt from FOO.BAR.BAZ on that one as well. I expected netscape to complain about the CN hostname mismatch, but it did not. It seems as if netscape is treating the CN FOO.BAR.BAZ exactly as it would *.FOO.BAR.BAZ. Has anyone else noticed this? How does IE handle this? Opera? If it is in fact universal, then requesting a CN of your domain name should work on any hostname under that. Wildcard certs for cheap! I've tested 4.73 on linux and mac, and 6.0a (ie mozilla) on linux. -JimC -- James H. Cloos, Jr. <http://jhcloos.com/public_key> 1024D/ED7DAEA6 <[EMAIL PROTECTED]> E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6 Is this post worth two cents? Then goto <http://2cw.org/23>! ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
