On Tue, Nov 05, 2002 at 11:00:46AM +0100, DEFFONTAINES Vincent wrote:
> I managed to create several Virtualhosts on a apache-ssl (1.3) server (same
> IP, same port, several names).
> The "trick" is to use the same Certificate for every Virtualhost, which will
> of course generate a warning on browsers,
> The non-matching {site name/certificate} is indeed a drawback, but
> maybe can be turned around?
You can use "wildcard certificates", with a CN of (e.g.)
"*.coe.int". I see two major drawbacks:
- I'm not sure most CA will sign wildcard certificates. It's better
for them if you buy a dozen certificates than ONE wildcard
certificate.
Not an issue if you run your own CA.
- When I tried this, the infamous Microsoft Internet Explorer totally
barfed on wildcard certificate.
If web administrators are separate from (whatever else) administrators
at your site, then the web administrators will be able to masquerade
(at the SSL level) for any machine in the domain: Print servers, ftp
server, ...
--
LionelAttachment:
pgpkl1i091iZV.pgp
Description: PGP signature