> IE checks the server name against each CN's individually. I found that by experimentation too. I have VBScript sample on how to generate such a CSR request for IIS using the CryptoAPI.
Furthermore, IE does not care if the CNs have different domains. e.g. /CN=www.domain.com/CN=www.domain.net/CN=www.domain.org -or even- /CN=www.domain.com/CN=www.cypherpunks.com/CN=www.microsoft.com You can self-sign such a cert with OpenSSL just fine. Whether you can get a real CA to sign such a thing is another matter. Adam --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]