Re: Open SSL via dyndns.org
* tobias.sem...@diemer-ing.de wrote on Tue, Apr 14, 2009 at 15:04 +0200: Is there a chance to create a certification on the intern server called by the extern https://name.dyndns.org adress ? It depends on the software you are using and on the setup... If you use some non-routable IP for your LAN (internally SRV02) and another IP on this server for the dyndns.org name, I think this should be possible. With Apache, you could create two instances based on IPs. One instance could be bound to the internal IP using the SRV02 certificate, another default one with the other certificate. Of course it is possible to use name.dyndns.org also internally (for instance, by adding this to the internal DNS pointing to the internal IP, which usually has restrictions and limitations). oki, Steffen End of message. ---8=== About Ingenico: Ingenico is the world’s leading provider of payment solutions, with over 15 million terminals deployed across the globe. Delivering the very latest secure electronic payment technologies, transaction management and the widest range of value added services, Ingenico is shaping the future direction of the payment solutions market. Leveraging on its global presence and local expertise, Ingenico is reinforcing its leadership by taking banks and businesses beyond payment through offering comprehensive solutions, a true source of differentiation and new revenues streams. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. P Please consider the environment before printing this e-mail __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Open SSL via dyndns.org
Hi, we tried to create a ssl certification via openssl. Our problem is that we have in intern server called SVR02. This server could be reached via name.dyndns.org:443. If we create a certification with the CO SVR02 the server accept this and install the certification. But if we try it from www the reaction is that there is a non-trusting certification course we called by name.dyndns.org. If we change the CO to name.dyndns.org the certification is non-trusting by the server at all. Is there a chance to create a certification on the intern server called by the extern https://name.dyndns.org adress ? Greetings Tobias Semmet
RE: Open SSL via dyndns.org
we tried to create a ssl certification via openssl. Our problem is that we have in intern server called SVR02. This server could be reached via name.dyndns.org:443. If we create a certification with the CO SVR02 the server accept this and install the certification. But if we try it from www the reaction is that there is a non-trusting certification course we called by name.dyndns.org. If we change the CO to name.dyndns.org the certification is non-trusting by the server at all. Is there a chance to create a certification on the intern server called by the extern https://name.dyndns.org adress ? Tobias Semmet You have a lot of choices, but no particularly good ones. In my opinion, your best option is to register your own domain name, CNAME it to your dyndns.org address, and obtain your own certificate in the name of your own domain. You could also ask the dyndns provider if they offer certificates. Since they own the name (as far as the certification authorities are concerned), they'd have to work with the CA to obtain the certificate. You can't do it because you can't prove to the CA that you own the host name you are using. Other options include creating your own certificate not issued by a CA and having people add an exception or providing them your own CA cert to install by other means. These are more difficult to get right and still keep the same level of security, so I don't recommend them. DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org