On Wed, Aug 22, 2001 at 10:57:12AM -0700, Kory Hamzeh wrote:
> 
> Meanwhile, we're bringing up a new site on a new machine that is going to be
> running SSL. I'll call this machine store.domain.com. Once we get
> store.domain.com fully functional, we'll bring down www.domain.com and make
> store.domain.com available. The problem is that when I apply for a
> certificate for the new machine, I have to give it a FQDN as the Command
> Name. If I use www.domain.com, we can't do any testing beforehand. If I use
> store.domain.com, I can't rename the host to www.domain.com.

Get a certificate for www.domain.com - as long as you're testing with this
cert on store.domain.com browsers will complain about a server name mismatch
and mod_ssl will warn you - alternatively you could just create your own
test cert for store.domain.com ... use: make certificate TYPE=custom
when installing mod_ssl or see the FAQ list about certificates:
http://www.modssl.org/docs/2.8/ssl_faq.html
> 
> The only way around this, I think, is to leave store.domain.com as is, and
> when we bring down www.domain.com, add a CNAME to the DNS record to map
> www.domain.com to store.domain.com. Is this a correct way of doing this?
> Will this result in any problems down the road?
> 
This is not really a great idea with cnames and certs - with two different
names for the same ip, then at least one of them won't match the FQDN in
your cert.

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
              -- "The Hitchhiker's Guide to the Galaxy"
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
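
Added example, not part of the original message or of mod_ssl: a small model of the name check a browser performs, showing that a CNAME changes the address reached but not the name compared against the certificate. The certificates, DNS zone and 192.0.2.10 address are constructed sample data, and the multi-name (subjectAltName) certificate goes beyond the single-name case discussed in the thread.

```python
# Added example: the hostname check a TLS client performs, on constructed data.

def name_matches(pattern, hostname):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and is refused for names like *.com
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, hostname):
    """Use subjectAltName DNS entries when present, otherwise the Common Name."""
    names = cert.get("san") or [cert["cn"]]
    return any(name_matches(n, hostname) for n in names)

# Constructed DNS zone: www is a CNAME for store, so both reach one address.
DNS = {
    "www.domain.com": ("CNAME", "store.domain.com"),
    "store.domain.com": ("A", "192.0.2.10"),
}

def resolve(name):
    """Follow CNAME records until an address record is reached."""
    rtype, value = DNS[name]
    while rtype == "CNAME":
        rtype, value = DNS[value]
    return value

def browser_check(url_host, cert):
    """Return (address connected to, whether the cert is accepted for url_host)."""
    return resolve(url_host), cert_matches(cert, url_host)

# Constructed certificates (only the naming fields matter here).
STORE_CERT = {"cn": "store.domain.com"}
WWW_CERT = {"cn": "www.domain.com"}
BOTH_CERT = {"cn": "www.domain.com", "san": ["www.domain.com", "store.domain.com"]}

if __name__ == "__main__":
    for label, cert in [("store", STORE_CERT), ("www", WWW_CERT), ("both", BOTH_CERT)]:
        for host in ("www.domain.com", "store.domain.com"):
            ip, ok = browser_check(host, cert)
            print(f"cert={label:5} url={host:17} ip={ip} match={ok}")
```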
