> IE checks the server name against each CN's individually.
I found that by experimentation too. I have VBScript sample on how to generate
such a CSR request for IIS using the CryptoAPI.
Furthermore, IE does not care if the CNs have different domains.
e.g.
/CN=www.domain.com/CN=www.domain.net/CN=www.domain.org
-or even-
/CN=www.domain.com/CN=www.cypherpunks.com/CN=www.microsoft.com
You can self-sign such a cert with OpenSSL just fine. Whether you can get a real
CA to sign such a thing is another matter.
Adam
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
