k
Ken Johanson wrote:
In the past, several people (including myself) have asked for a way to get Sambar Server to support multiple SSL certs, for servers that host more than one domain. But it turns out that SSL (x509 version 3, specifically), has built-in support for multiple domains per certifcate!!
Just add the following line to your config/openssl.cnf file, in the [ v3_ca ] section:
subjectAltName = DNS:www.test.com,DNS:*.kensystem.com,DNS:*.etc.com
This line adds additional domains that browsers will validate a certificate against. Note the comma-separated-list format ; it aloows you to add as many for few as you want. As in the example, you can also use wild card certs.
I've verified that all modern browsers support this; Mozilla, Firebird, Safari, & IE. Theoretically, older software that uses SSL (email clients, etc) may not have support for this feature. It also does not provide a distinct cert based on IP address (the contemporary ssl binding method), but that's probably not going to be a problem for most of us.
Cheers,
ken
------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
