Re: newbie question about SSL certificates and hostname

Wed, 22 Aug 2001 15:17:05 -0700 

As long as the 'name' that the client (browser) used to access the website,
matches the 'name' on the certificate AND the "servername" for that
'virtual' (or 'real') host,  it will work....

If the certificate has the name "store.domain.com" embedded in it,  then the
Apache 'server' will have to have the "servername" set to "store.domain.com"
and the 'client' browsers will have to have used "store.domain.com" in the
URL that directed them to the site (you could always have
http://www.domain.com automatically forward them to the "store.domain.com"
website)

----- Original Message -----
From: "Kory Hamzeh" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 22, 2001 10:57 AM
Subject: newbie question about SSL certificates and hostname


> Please let me know if this question is not appropriate for this forum.
>
> This is the first system I'm configuring with SSL, and I am looking for
> recommendations on how to do this. I've already configured apache and know
> how to generate a CSR.
>
> We basically have an old web site that is pretty old and static. I'll call
> this site www.domain.com. We plan to make no changes to this site and take
> it down when the new one is ready.
>
> Meanwhile, we're bringing up a new site on a new machine that is going to
be
> running SSL. I'll call this machine store.domain.com. Once we get
> store.domain.com fully functional, we'll bring down www.domain.com and
make
> store.domain.com available. The problem is that when I apply for a
> certificate for the new machine, I have to give it a FQDN as the Command
> Name. If I use www.domain.com, we can't do any testing before hand. If I
use
> store.domain.com, I can't rename the host to www.domain.com.
>
> The only way around this, I think, it to leave store.domain.com as is, and
> when we bring down www.domain.com, add a CNAME to the DNS record to map
> www.domain.com to store.domain.com. Is this a correct way of doing this?
> Will this result in any problems down the road.
>
> Any suggestions and guidance would be greatly appreciated.
>
> Thanks,
> Kory
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to