[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Managing SSL certificates

On 10/15/05, Peter Palfrader <weasel@debian.org> wrote:
> On Sat, 15 Oct 2005, Steinar H. Gunderson wrote:
>
> > On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote:
> > > There aren't that many good reasons for having one cert per service
> > > anyway
> >
> > ...except that if you have a certificate for hostname.domain.com and your
> > users connect to (say) imap.domain.com, they would get a warning dialog box?
>
> We can't know all the names that people will use to refer to your
> server, so this is one of the cases where you have to do stuff manually
> anyway.

AFAIK there's an extension to HTTP to allow multiple TLS vhosts on one
host:port. In that case, there's no need to manually ask for the
common name for the certificate.
I hope the same is done for TLS in general but if not, at least
individual protocols should support this.
Reply to: