Re: name based virtual host and apache-ssl - thanx

To: debian-security@lists.debian.org
Subject: Re: name based virtual host and apache-ssl - thanx
From: Chris Morris <cim@durge.org>
Date: Thu, 25 Mar 2004 09:18:28 +0000 (GMT)
Message-id: <[🔎] Pine.LNX.4.53.0403250913090.30568@fof.durge.org>
In-reply-to: <[🔎] Pine.LNX.4.58L.0403241806280.30917@arizona.ethz.ch>
References: <[🔎] c3rpeh$jgg$1@sea.gmane.org> <[🔎] c3s6ml$knh$1@sea.gmane.org> <[🔎] Pine.LNX.4.58L.0403241806280.30917@arizona.ethz.ch>

At 18:14 on Wed, 24 Mar 2004, Elmar S. Heeb wrote:
> Well, actually there is a solution: use wild cards in the name of the
> keys.  You can make the certificate for *.mycompany.com for several web
> sites within mycompany.com, or you can go so far as to use * for any host
> name.  Most modern browsers will accept such a certificate, some will
> complain and still accept it.

In my experience, *.mycompany.com would match foo.mycompany.com but not
foo.bar.mycompany.com - which may be sufficient if you can get into
people's heads that the domains are www.mycompany.com and
sales.mycompany.com and definitely not www.sales.mycompany.com

So I have a feeling that * would match 'com' or 'org' but nothing more
useful.  Though it may vary from browser to browser.

-- 
Chris
"No candidate achieved quota:             | "Candidates elected:
Action: Eliminate 150 students and        |  Yes"
transfer their votes." - DEVote (11/3/04) |   - Beremiz (13/3/04)

Reply to:

References:
- name based virtual host and apache-ssl
  - From: Haim Ashkenazi <haim@babysnakes.org>
- Re: name based virtual host and apache-ssl - thanx
  - From: Haim Ashkenazi <haim@babysnakes.org>
- Re: name based virtual host and apache-ssl - thanx
  - From: "Elmar S. Heeb" <heeb@phys.ethz.ch>

Prev by Date: Re: name based virtual host and apache-ssl - thanx
Next by Date: Re: name based virtual host and apache-ssl - thanx
Previous by thread: Re: name based virtual host and apache-ssl - thanx
Next by thread: readdir and checksecurity
Index(es):
- Date
- Thread