--On Monday, August 06, 2001 09:50:14 AM +0200 Owen Boyle <[EMAIL PROTECTED]> wrote:


>>  I'd like to serve SSL requests using the one certificate for
>> all of the virtual names.  Currently, Apache/mod_ssl refuse to
>> serve under any name because the "hostname" name is not the
>> same as the certificate's common name.
>>
>>  Can I do what I want?
>
> I don't think so. If you could do this, then you could use any
> certificate to authenticate any host and that would violate an important
> aspect of SSL.
>
> The certificate is not only for containing the site's public key, it
> also authenticates the site so that you can be sure you really are on
> www.banana.com and not some pirate copy site. To do this, there has to
> be a one-to-one mapping between site name and certificate.
>

 Thanks.  Note that the site that is serving this certificate is validly
registered with DNS under the certificate's common name.  Note also that the
HTTP client is accessing this server using the certificate's common name
in the URL.  BUT, the server's 'hostname' is set to something else.

 If the client uses the common name, and the common name is validly registered
to this server, I don't see any problems of the sort you describe.  In fact,
currently, Apache/mod_ssl will only allow me to serve https://host.domain/ using
a certificate for adifferenthost.domain.

Thanks,

Juan


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
