RE: SSL Wildcard Certificates

John . Airey Thu, 01 Mar 2001 01:24:35 -0800
Try connecting to https://wwws.rnib.org.uk with the same browsers. We also
use a wildcard certificate which I believe I've set up correctly. If you get
the same result then the problem is the browsers, rather than the
certificate. 

I find it odd though that Netscape, the inventors of SSL could mess up
wildcard certificates. This kind of mess up used to be the domain of
Microsoft!

- 
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 


> -----Original Message-----
> From: Ladd Angelius [mailto:[EMAIL PROTECTED]]
> Sent: 28 February 2001 16:20
> To: [EMAIL PROTECTED]
> Subject: SSL Wildcard Certificates
> 
> 
> 
> Does anyone know about a workaround/fix for the below problem? We'd 
> like to use a wildcard certificate ...
> 
> I tested the "wildcard" test-certificate offered by www.thawte.com
> 
> The test:
> I control the DNS, so I put a "*.gmoney.com" entry in my DNS file, 
> and ping tested multiple names, ie. hello.mydomain.com, 
> xxxx.mydomain.com, etc. Everything resolves to a specific IP, which 
> is a box running Linux RedHat7 with preconfigured SSL and Apache 
> (comes already set up with RH7).
> 
> I generated a CSR with the command "make certreq", submitted it to 
> www.thawte.com, receieved a CRT, copied the CRT to the file 
> /etc/httpd/conf/ssl.crt/server.crt, and restarted apache.
> 
> Findings:
> 
> All clients connecting over SSL recieve the "non-trusted authority" 
> error (this is normal for a "test" certificate).
> 
> Win98 IE5 clients report "hostname matches the certificate."
> Win2K IE5 clients report "hostname does not match the certificate."
> Win98 NS4.7 only reports "non-trusted authority." No mention of 
> hostname match or not.
> Win2K NS4.7 only reports "non-trusted authority." No mention of 
> hostname match or not.
> 
> Any and all suggestions/fixes/workarounds will be greatly appreciated.
> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
RE: SSL Wildcard Certificates

Reply via email to
