Re: https://www vs https://tjener.intern

[Daniel Hess <daniel@rio-grande.ping.de>]

Hi,

On Mon, Nov 26, 2007 at 11:51:21AM +0100, Ronny Aasen wrote:
> Anders Kringstad wrote:
> > cat intern-wildcard.key intern-wildcard.cert > intern-wildcard.pem
> > chmod 400 intern-wildcard.pem
> >   
> but a wildcard!= a alias.
> ie www/backup/tjener/  does not match *.intern
> 
> altho www.intern does ofcourse.
> 
> so we could change the links to be www.intern instead of www and use a
> wildcard. unless someone knows a way to handle aliases in keys.

maybe subject alternative names come to rescue here.

http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_

All modern browsers should support subject alternative names now and not
complain if the common name does not match, but an subject alternative
does.

Greetings

Daniel