[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: Handling of certificates in Debian



Hi Stephen!

On Mon, 02 Sep 2002, Stephen Frost wrote:

> * Henrique de Moraes Holschuh (hmh@debian.org) wrote:
> > On Sat, 31 Aug 2002, Brian May wrote:
> > > (note that I really like this realiance on checking the hostname, for
> > > instance it doesn't work properly with virtual name domains under https,
> > > but it somehow seems to have become the defacto default, and we seem to
> > > be stuck with it for now).
> > 
> > It can, if the !@#$@#$ browsers implement the altName extension.
> 
> Uh, except that on the server side if you're going to have different
> certs for different virtual servers then unless they each have their own
> IP there's no way for apache to know which cert to use because the SSL
> connection and whatnot is set up prior to the HTTP headers being sent.
> That's my understanding anyway.

That is why you have more than one name in the cert.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh



Reply to: