RE: Distribution of Authentication Certificates
Robert Bihlmeyer wrote:
> Bernd Eckenfels <email@example.com> writes:
> > On Sun, Mar 16, 2003 at 09:35:00PM +0100, Robert Bihlmeyer wrote:
> > > TLS/SSL is a perfectly fine protocol with self-signed certificates.
> > Unfortunatelly it does not support named based virtual hosts,
> mozilla has some code to allow matching multiple hosts with the cn
> (you can list them, and I think something like *.foo.bar is also
> possible). Dunno if that is standardised somewhere.
Netscape 4- uses the following scheme:
(See "Subject Common Name" a bit further down)
I think Mozilla works the same way, plus it supports the "subjectAltName"
SSLv3 extension (as does Internet Explorer 5+, but not Opera 7-!).