Re: https://www vs https://tjener.intern
Anders Kringstad wrote:
> On Mon, 2007-11-26 at 09:06 +0100, Ronny Aasen wrote:
>
>> Morten Werner Forsbring wrote:
>>
>>> Holger Levsen <holger@layer-acht.org> writes:
>>>
>>>
>>>
>>>> No, lwat has nothing to do with it. According to this logic, we
>>>> should create more (snakeoil) ssl certificates for the different dns
>>>> names. Currently we only create one for tjener.intern, maybe we
>>>> should also create one for postoffice.intern, one for www.intern and
>>>> so on.
>>>>
>>>>
>>> Can't we create one with all the known aliases included?
>>>
>>>
>>> - Werner
>>>
>>>
>> I didn't think it was possible to have multiple aliases on a
>> certificate. Do you know the openssl command how to do it ?
>>
>
> Quite simple guide here :)
>
> openssl genrsa 2048 > intern-wildcard.key
> chmod 400 intern-wildcard.key
> openssl req -new -x509 -nodes -sha1 -days 3650 -key \
> interd-wildcard.key > intern-wildcard.cert
> [enter *.intern for the Common Name]
> openssl x509 -noout -fingerprint -text < intern-wildcard.cert \
>
>> intern-wildcard.info
>>
> cat intern-wildcard.key intern-wildcard.cert > intern-wildcard.pem
> chmod 400 intern-wildcard.pem
>
>
>
but a wildcard!= a alias.
ie www/backup/tjener/ does not match *.intern
altho www.intern does ofcourse.
so we could change the links to be www.intern instead of www and use a
wildcard. unless someone knows a way to handle aliases in keys.
Ronny
Reply to: