Hi, > (I do know that web browsers at least honour the DNS SAN extension for > a single value, why should they ignore it when there are multiple values?)
BTW, I just remembered that our CA system here uses two machines for failover that share the same certificate. In this server cert we have included four DNS SANs, two of them being the real server names of the CA systems. Neither Firefox (1.0.7) nor IE (5.50) complain about the certs on either of the hosts. This does not prove that it works in the vhost case, but is a strong indication that it should work just fine... cu Martin ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
