Yes, to avoid ANY errors popping up in the 'users' face, all 3 should
match...
If the URL name they use to get to the site is different, they'll get the
"The site your visiting does not match the name you used" error message.
If the "ServerName" setting and the 'common name' in the certificate doesn't
match, they'll get "This site's certificate does not match the...." error
message (or something like that...)
I usually put the SSL content on a different server, with a different name
(i.e. "www" for non-SSL stuff, and "secure" or "wwws" for SSL content), and
when people are visiting the 'www' initial site, I 'forward' them to
https://secure) to get to the SSL content. That way, I can change where
they go to get to the SSL stuff later (they always start at the 'www'
stuff), and you can 'force' them to always 'enter' your site thru the same
spot....
----- Original Message -----
From: "Kory Hamzeh" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 22, 2001 3:55 PM
Subject: RE: newbie question about SSL certificates and hostname
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Brazill
> >
> > As long as the 'name' that the client (browser) used to access
> > the website,
> > matches the 'name' on the certificate AND the "servername" for that
> > 'virtual' (or 'real') host, it will work....
> >
> > If the certificate has the name "store.domain.com" embedded in
> > it, then the
> > Apache 'server' will have to have the "servername" set to
> > "store.domain.com"
> > and the 'client' browsers will have to have used "store.domain.com" in
the
> > URL that directed them to the site (you could always have
> > http://www.domain.com automatically forward them to the
"store.domain.com"
> > website)
> >
>
> Hi Steve,
>
> Just to make sure I understand you:
>
> If the 'name' on the certificate is 'store.domain.com', and the
'serverName'
> is 'store.domain.com', then https://store.domain.com will work. However,
> https://www.domain.com WILL NOT work even if I have a CNAME in the DNS
> record that maps www.domain.com to store.domain.com.
>
> Is my understanding correct?
>
> Thanks,
> Kory
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
