Re: certificate server

[Nikolai Buer <security@boffer.no>]

> * Important that during CSR the Common Name match the web server name that
> browsers will use: eg www.xxx.com otherwise clients will all display a warning
> that the server certificate does not match the name of the server.

Actually that's quite annoying. Some people like to skip www in the
name, and so the browser complains the cert name doesn't match the site
name because it's made out to www.xxx.com and not xxx.com (I continued
the pr0n site example :).

It should have been possible to make out a cert to a site under more
than one name, or with names alias.

An alternative would be to use mod_rewrite on the server and rewrite all
requests for xxx.com to www.xxx.com, but I haven't got around to this
yet, hopefully it will be a simple thing.

nikolai.