[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: https://www vs https://tjener.intern

Daniel Hess wrote:
> Hi,
>
> On Mon, Nov 26, 2007 at 11:51:21AM +0100, Ronny Aasen wrote:
>   
>> Anders Kringstad wrote:
>>     
>>> cat intern-wildcard.key intern-wildcard.cert > intern-wildcard.pem
>>> chmod 400 intern-wildcard.pem
>>>   
>>>       
>> but a wildcard!= a alias.
>> ie www/backup/tjener/  does not match *.intern
>>
>> altho www.intern does ofcourse.
>>
>> so we could change the links to be www.intern instead of www and use a
>> wildcard. unless someone knows a way to handle aliases in keys.
>>     
>
> maybe subject alternative names come to rescue here.
>
> http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_
>
> All modern browsers should support subject alternative names now and not
> complain if the common name does not match, but an subject alternative
> does.
>
> Greetings
>
> Daniel

I think I'll try this, and fall back to anders suggestion if this is not
working as intended.

Ronny
Reply to: