But none of the web browser (i guess openssl as well)don't know how to handle this extension.
I believe RFC 2459 section 4.2.1.7. Probably you should file this as a bug(with all the browser vendor and openssl).
Leonardo J. Uzc�tegui M. wrote:
Hi!
this means that I must create single certificate (a single key and a single request) and install it to all the computers???
Mark Foster wrote:
On Fri, Jan 23, 2004 at 09:10:40AM -0400, "Leonardo J. Uzc?tegui M." wrote:
[snip]
I have three computers with different directions IP and names DNS ana.foo.bar 192.168.1.100 joan.foo.bar 192.168.1.101 jean.foo.bar 192.168.1.102
these computers conform a cluster of mail services (pops, imaps, https)
[snip]
with IE 6
"The name of the security certificate is not validate or it does not agree with the site"
This can be solved with intermediate certificates
My question is how generate those certificates intermediate??
Just get a certificate with www.foo.bar as the CommonName, and install
that ONE cert on all three web servers. Do not use hostname specific
certs on load-balanced (clustered) services. The CommonName on the cert
should match what the client expects, based on what they were configured
to use. Consequently OTOH, if the mail clients are set to check mail.foo.bar
for IMAPS and/or POPS, you would need a different certificate (on all three
servers) with a CommonName of mail.foo.bar.
thank, and sorry my poor english
It's not poor, it's fine!
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
