Re: https://www vs https://tjener.intern



Anders Kringstad wrote:
> On Mon, 2007-11-26 at 09:06 +0100, Ronny Aasen wrote:
>> Morten Werner Forsbring wrote:
>>> Holger Levsen <holger@layer-acht.org> writes:
>>>
>>>> No, lwat has nothing to do with it. According to this logic, we
>>>> should create more (snakeoil) ssl certificates for the different dns
>>>> names. Currently we only create one for tjener.intern, maybe we
>>>> should also create one for postoffice.intern, one for www.intern and
>>>> so on.
>>>
>>> Can't we create one with all the known aliases included?
>>>
>>> - Werner
>>
>> I didn't think it was possible to have multiple aliases on a
>> certificate. Do you know the openssl command how to do it?
>
> Quite simple guide here :)
>
> openssl genrsa 2048 > intern-wildcard.key
> chmod 400 intern-wildcard.key
> openssl req -new -x509 -nodes -sha1 -days 3650 -key \
>   intern-wildcard.key > intern-wildcard.cert
> [enter *.intern for the Common Name]
> openssl x509 -noout -fingerprint -text < intern-wildcard.cert \
>   > intern-wildcard.info
> cat intern-wildcard.key intern-wildcard.cert > intern-wildcard.pem
> chmod 400 intern-wildcard.pem
>
But a wildcard != an alias.
I.e. www/backup/tjener/ does not match *.intern

Although www.intern does, of course.

So we could change the links to be www.intern instead of www and use a
wildcard, unless someone knows a way to handle aliases in keys.

Ronny
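
Added example, not part of the original message or of the project's own scripts: an X.509 certificate can list several DNS names in its subjectAltName extension, so one certificate can cover the short aliases and the .intern names together. The file names, the name list and the use of -sha256 are assumptions of this example, and `-checkhost` requires OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: one self-signed certificate whose subjectAltName lists
# every alias, plus a check of which host names it covers.
# File names and the name list are assumptions for illustration.

make_san_cert() {
    # $1 = output directory; remaining arguments = DNS names to include
    dir=$1; shift
    san=""
    for name in "$@"; do
        san="${san:+$san,}DNS:$name"
    done
    # Stand-alone req config, so the system openssl.cnf is not needed
    cat > "$dir/san.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $1
[ext]
subjectAltName = $san
EOF
    # umask keeps the private key unreadable to other users from creation
    (umask 077; openssl genrsa -out "$dir/intern-san.key" 2048 2>/dev/null)
    openssl req -new -x509 -sha256 -days 3650 -config "$dir/san.cnf" \
        -key "$dir/intern-san.key" -out "$dir/intern-san.cert"
}

cert_matches() {
    # $1 = certificate file, $2 = host name; status 0 when the name matches
    openssl x509 -noout -checkhost "$2" -in "$1" | grep -q 'does match'
}

# Demo in a scratch directory (constructed name list)
demo_dir=$(mktemp -d)
make_san_cert "$demo_dir" tjener.intern www.intern postoffice.intern www tjener
for host in www.intern www tjener backup.intern; do
    if cert_matches "$demo_dir/intern-san.cert" "$host"; then
        echo "$host: match"
    else
        echo "$host: NO match"
    fi
done
rm -rf "$demo_dir"
```

A name that is not listed, such as backup.intern here, fails the check, so every alias that clients actually type has to appear in the list.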