The "Common Name" that you use to 'build' the certificate must match the
"ServerName" that the webserver is 'projecting'.

You can have many "ServerName" entries in an Apache configuration if you're
running 'virtual hosts'... (but you'd need a different set of certs for each
name).

So, if you built the certificates with http://www.xyz.com, just make sure
that the "ServerName" entry on both of the webservers says the same thing...
(and that the DNS name used to get to either of the systems is also the
same)


----- Original Message -----
From: "Rajidhar Etta" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 22, 2001 2:42 PM
Subject: Re: newbie question about SSL certificates and hostname....Related question


> Hi all,
> We are building new website and the site will serve both SSL and nonSSL
> pages. We have two webservers and we have a hardware load balancer to
> route the traffic to one of the web server. The site is www.xyz.com, and the
> two web server's hostnames are say A and B. Now, I am wondering on which CN
> I have to take SSL certificate? www.xyz.com or A.xyz.com and B.xyz.com, If
> it is www.xyz.com , can I take only ONE certificate and use it on both?
>
>
> regards,
> Rajidhar Etta
> eComServer Inc.
> 609.951.8500 (x 192)
> 609.203.3697 (Cell)
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Mads Toftum
> Sent: Wednesday, August 22, 2001 5:03 PM
> To: [EMAIL PROTECTED]
> Subject: Re: newbie question about SSL certificates and hostname
>
>
> On Wed, Aug 22, 2001 at 10:57:12AM -0700, Kory Hamzeh wrote:
> >
> > Meanwhile, we're bringing up a new site on a new machine that is going to be
> > running SSL. I'll call this machine store.domain.com. Once we get
> > store.domain.com fully functional, we'll bring down www.domain.com and make
> > store.domain.com available. The problem is that when I apply for a
> > certificate for the new machine, I have to give it a FQDN as the Command
> > Name. If I use www.domain.com, we can't do any testing beforehand. If I use
> > store.domain.com, I can't rename the host to www.domain.com.
>
> Get a certificate for www.domain.com - as long as you're testing with this
> cert on store.domain.com browsers will complain about a server name mismatch
> and mod_ssl will warn you - alternatively you could just create your own
> test cert for store.domain.com ... use: make certificate TYPE=custom
> when installing mod_ssl or see the FAQ list about certificates:
> http://www.modssl.org/docs/2.8/ssl_faq.html
> >
> > The only way around this, I think, is to leave store.domain.com as is, and
> > when we bring down www.domain.com, add a CNAME to the DNS record to map
> > www.domain.com to store.domain.com. Is this a correct way of doing this?
> > Will this result in any problems down the road?
> >
> This is not really a great idea with cnames and certs - with two different
> names for the same ip, then at least one of them won't match the FQDN in
> your cert.
>
> vh
>
> Mads Toftum
> --
> With a rubber duck, one's never alone.
>               -- "The Hitchhiker's Guide to the Galaxy"
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]

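The name check discussed in this thread, as an added example that is not part of the original messages: it compares the name a client asked for against the names in a certificate, for the load-balanced www.xyz.com case and the store.domain.com CNAME case. The function names and the sample certificates are constructed for illustration; the dict layout follows what Python's `ssl.SSLSocket.getpeercert()` returns, and the example goes slightly beyond the thread by also handling subjectAltName entries and leftmost-label wildcards.

```python
"""Which client-facing names does a certificate cover? (RFC 2818 style matching)"""

def cert_names(cert):
    """DNS names the cert asserts: SAN dNSName entries if any, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SAN DNS names exist, the CN is not consulted
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive compare; '*' is honoured only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*" and len(p) > 2:
        return h[0] != "" and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    """True if 'host' (the name the client typed, not the machine's own hostname)
    is covered by the certificate."""
    return any(name_matches(n, host) for n in cert_names(cert))

def audit(cert, requested_names):
    """Map each name a client might use to whether the cert would be accepted."""
    return {name: covers(cert, name) for name in requested_names}

# Constructed sample certificates (subject CN only, as in the thread).
WWW_CERT = {"subject": ((("commonName", "www.xyz.com"),),)}
STORE_CERT = {"subject": ((("commonName", "store.domain.com"),),)}

if __name__ == "__main__":
    # One cert installed on both backends A and B behind the load balancer.
    for name, ok in audit(WWW_CERT, ["www.xyz.com", "A.xyz.com", "B.xyz.com"]).items():
        print(f"{name:18} {'ok' if ok else 'NAME MISMATCH'}")
    # CNAME www.domain.com -> store.domain.com: the client still checks the name it typed.
    print("www.domain.com     ", "ok" if covers(STORE_CERT, "www.domain.com") else "NAME MISMATCH")
```

The result depends only on the name the client requested, so the same www.xyz.com certificate and key can sit on both backends as long as visitors never address them as A or B.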