yes, or u hack the certificates a little bit ;o)I don't think named virtual hosts work with SSL. But, IMHO, it may be possible to run another apache process or virtual host on port different from 443.
to represent more than one domain name... this is working with mozilla based and ie browsers at least... opera doesn't work so far - as i have discovered...
Perhaps they use the same hack like Netscape 4 and Mozilla 1.0 (see below)?
u actually simply abuse the subject alternative field - and put all dns-names in there - its very importend to start with the dns stuff, later on u can put ip and e-mail if needed in there too - but u have to start with dns attributes...
than its working... i'll and an example certificate which is actually working...
Please don't forget to put all DNS names as regex into the CN. Old Netscapes and Mozilla 1.0 are not standard compliant and fully ignore the ubject alternative name.
looks like those browsers scan the subject-alternative-field of an certificate if they don't find a dns in the subject, i'm not sure, if u have a dns in the subject it doesn't work this way... so i just have a name there ;o) - i havn't took a look at the mozilla sources so far - that's why its only a guess - but its working - and that's the importend fakt! (one may call this a bug of those webbrowser but actually it is still verifying the dns versus the certificate so i think its a feature in this case and i like it)
This is no bug, this is a standard! Mozilla developers fixed the behaviour after we mail them the RFC number and that IE works.
Subject: CN=Datenschleuder Webserver,DC=Server,O=Datenschleuder,DC=Org
This doesn't work with Netscape and Mozilla 1.0. The CN must include the DNS names as regex. Opera usually doesn't work because they implement the crypto stuff in the same way like Netscape - including SPKAC :(
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
