On 4/15/08, Sir June <[EMAIL PROTECTED]> wrote: > > > to add more info.. > > i have 3 linux boxes . linux1, linux2 and linux3 - all serves the same > website www.mydomain.com and in-front of them there is a load balancer > that distributes the traffic. so the load balancer holds the front-end ip > address that maps to www.mydomain.com. so everytime the 3 servers replies > back, it gives out the certificate coming from linuxN which makes it > invalid ? because CN -hostname mismatch?
yes... because your CN is equal to www.mydomain.com while the actual serving the certificate is either one of your linuxN.mydomain.com which is supposed to be the value of your CN... that is why CN=*.mydomain.com is your alternative solution to match linux1.mydomain.com, linux2.mydomain.com, linux3.mydomain.com and others.mydomain.com for your name-based virtual hosting... but if you want to serve different certificates with different domain aside from mydomain.com... you have to use ip-based virtual hosting instead of name-based virtual hosting... fooler. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph