Ian G wrote:
> On Thursday 12 May 2005 08:38, Duane wrote:
>
>>Ian G wrote:
>>
>>>Further, it turns out that Apache does not have the
>>>code to deal with the client helo server name indication.
>>
>>As you can see from the discussion from today/yesterday out MSIE/Firefox
>>both support subjectAltName properly and if you're using CAcert to get
>>certificates we now verify and sign certificates with SAN extensions...
>
>
> Excellent news... I'm hoping that you write this up
> in your VhostsTaskForce page so I can try it out.

The plan was basically to work out what browsers support what, and the
best way to do things. Currently there is some information on the vhost
page; you need to alter your openssl.cnf to include a few lines about
subjectAltName...

[ req ]
req_extensions = v3_req

[ v3_req ]
subjectAltName = DNS:www.example.com, DNS:www.example2.com, DNS:www.example3.com

etc...

-- 

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."
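
The openssl.cnf lines above, carried through to a certificate request and checked before it goes to the CA. This is an added example, not part of the original message: the hostnames are the message's placeholders, while the file names, the req_dn section, the RSA key size and the two function names are assumptions.

```shell
#!/bin/sh
# Build a CSR whose subjectAltName lists every vhost, then read the names
# back out of the request so a missing or mistyped entry is caught early.

make_san_csr() {
    # $1 = working directory; writes san.cnf, key.pem and req.pem there
    dir=$1
    cat > "$dir/san.cnf" <<'EOF'
[ req ]
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no

[ req_dn ]
CN = www.example.com

[ v3_req ]
subjectAltName = DNS:www.example.com, DNS:www.example2.com, DNS:www.example3.com
EOF
    # -config makes openssl use this file instead of the system openssl.cnf
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/san.cnf" \
        -keyout "$dir/key.pem" -out "$dir/req.pem" 2>/dev/null
}

csr_san_names() {
    # $1 = CSR file; prints each DNS name in its subjectAltName, one per line
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^ *DNS:\([^ ]*\).*/\1/p'
}

# Stand-alone run: create a request in a scratch directory and list its names
tmp=$(mktemp -d)
make_san_csr "$tmp" && csr_san_names "$tmp/req.pem"
rm -rf "$tmp"
```

If csr_san_names prints nothing, the req_extensions line was not picked up and the request carries only the CN.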
