RE: Distribution of Authentication Certificates
Robert Bihlmeyer wrote:
> Bernd Eckenfels <lists@lina.inka.de> writes:
> > On Sun, Mar 16, 2003 at 09:35:00PM +0100, Robert Bihlmeyer wrote:
> > > TLS/SSL is a perfectly fine protocol with self-signed certificates.
> >
> > Unfortunatelly it does not support named based virtual hosts,
>
> mozilla has some code to allow matching multiple hosts with the cn
> (you can list them, and I think something like *.foo.bar is also
> possible). Dunno if that is standardised somewhere.
Netscape 4- uses the following scheme:
http://wp.netscape.com/eng/security/ssl_2.0_certificate.html#Site
(See "Subject Common Name" a bit further down)
I think Mozilla works the same way, plus it supports the "subjectAltName"
SSLv3 extension (as does Internet Explorer 5+, but not Opera 7-!).
Julian.
Reply to: