Juan Leon wrote:
>
> My mod_ssl Apache is running on a machine with multiple
> names and IP addresses. The name returned by "hostname" is
> one of these, but the certificate's common name is that of
> one of the other host names.
>
> I'd like to serve SSL requests using the one certificate for
> all of the virtual names. Currently, Apache/mod_ssl refuse to
> serve under any name because the "hostname" name is not the
> same as the certificate's common name.
>
> Can I do what I want?
I don't think so. If you could do this, then you could use any
certificate to authenticate any host and that would violate an important
aspect of SSL.
The certificate is not only for containing the site's public key, it
also authenticates the site so that you can be sure you really are on
www.banana.com and not some pirate copy site. To do this, there has to
be a one-to-one mapping between site name and certificate.
It is possible to have a wild-card certificate within a domain - i.e.
"www1.banana.com" and "www2.banana.com" can share a certificate but you
can't share certificates across domains.
Rgds,
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
